Examining the practical side channel resilience of arx-boxes

Yan Yan; Elisabeth Oswald

doi:10.1145/3310273.3323399

Examining the practical side channel resilience of arx-boxes

Yan Yan, Elisabeth Oswald

Cryptography and Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

6 Citations (Scopus)

369 Downloads (Pure)

Abstract

Implementations of ARX ciphers are hoped to have some intrinsic side channel resilience owing to the specific choice of cipher components: Modular addition (A), rotation (R) and exclusive-or (X). Previous work has contributed to this understanding by developing theory regarding the side channel resilience of components (pioneered by the early works of Prouff) as well as some more recent practical investigations by Biryukov et al. that focused on lightweight cipher constructions. We add to this work by specifically studying ARX-boxes both mathematically as well as practically. Our results show that previous works' reliance on the simplistic assumption that intermediates independently leak (their Hamming weight) has led to the incorrect conclusion that the modular addition is necessarily the best target and that ARX constructions are therefore harder to attack in practice: We show that on an ARM M0, the best practical target is the exclusive or and attacks succeed with only tens of traces.

Original language	English
Title of host publication	ACM International Conference on Computing Frontiers 2019, CF 2019 - Proceedings
Subtitle of host publication	April 30 - May 2, 2019, Alghero, Sardinia, Italy
Publisher	Association for Computing Machinery
Pages	373-379
Number of pages	7
ISBN (Electronic)	9781450366854
DOIs	https://doi.org/10.1145/3310273.3323399
Publication status	Published - 30 Apr 2019
Event	16th ACM International Conference on Computing Frontiers, CF 2019 - Alghero, Sardinia, Italy Duration: 30 Apr 2019 → 2 May 2019

Conference

Conference	16th ACM International Conference on Computing Frontiers, CF 2019
Country/Territory	Italy
City	Alghero, Sardinia
Period	30/04/19 → 2/05/19

Keywords

ARX
Correlation Attack
Side Channel

Access to Document

10.1145/3310273.3323399

Full-text PDF (accepted author manuscript)
This is the accepted author manuscript (AAM). The final published version (version of record) is available online via ACM at https://doi.org/https://doi.org/10.1145/3310273.3323399 . Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 852 KBLicence: Other

Handle.net

Persistent link

Cite this

@inproceedings{df76a153a7644db7acb371914a5bb691,

title = "Examining the practical side channel resilience of arx-boxes",

abstract = "Implementations of ARX ciphers are hoped to have some intrinsic side channel resilience owing to the specific choice of cipher components: Modular addition (A), rotation (R) and exclusive-or (X). Previous work has contributed to this understanding by developing theory regarding the side channel resilience of components (pioneered by the early works of Prouff) as well as some more recent practical investigations by Biryukov et al. that focused on lightweight cipher constructions. We add to this work by specifically studying ARX-boxes both mathematically as well as practically. Our results show that previous works' reliance on the simplistic assumption that intermediates independently leak (their Hamming weight) has led to the incorrect conclusion that the modular addition is necessarily the best target and that ARX constructions are therefore harder to attack in practice: We show that on an ARM M0, the best practical target is the exclusive or and attacks succeed with only tens of traces.",

keywords = "ARX, Correlation Attack, Side Channel",

author = "Yan Yan and Elisabeth Oswald",

year = "2019",

month = apr,

day = "30",

doi = "10.1145/3310273.3323399",

language = "English",

pages = "373--379",

booktitle = "ACM International Conference on Computing Frontiers 2019, CF 2019 - Proceedings",

publisher = "Association for Computing Machinery",

address = "United States",

note = "16th ACM International Conference on Computing Frontiers, CF 2019 ; Conference date: 30-04-2019 Through 02-05-2019",

}

Yan, Y & Oswald, E 2019, Examining the practical side channel resilience of arx-boxes. in ACM International Conference on Computing Frontiers 2019, CF 2019 - Proceedings: April 30 - May 2, 2019, Alghero, Sardinia, Italy . Association for Computing Machinery, pp. 373-379, 16th ACM International Conference on Computing Frontiers, CF 2019, Alghero, Sardinia, Italy, 30/04/19. https://doi.org/10.1145/3310273.3323399

Examining the practical side channel resilience of arx-boxes. / Yan, Yan; Oswald, Elisabeth.
ACM International Conference on Computing Frontiers 2019, CF 2019 - Proceedings: April 30 - May 2, 2019, Alghero, Sardinia, Italy . Association for Computing Machinery, 2019. p. 373-379.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Examining the practical side channel resilience of arx-boxes

AU - Yan, Yan

AU - Oswald, Elisabeth

PY - 2019/4/30

Y1 - 2019/4/30

N2 - Implementations of ARX ciphers are hoped to have some intrinsic side channel resilience owing to the specific choice of cipher components: Modular addition (A), rotation (R) and exclusive-or (X). Previous work has contributed to this understanding by developing theory regarding the side channel resilience of components (pioneered by the early works of Prouff) as well as some more recent practical investigations by Biryukov et al. that focused on lightweight cipher constructions. We add to this work by specifically studying ARX-boxes both mathematically as well as practically. Our results show that previous works' reliance on the simplistic assumption that intermediates independently leak (their Hamming weight) has led to the incorrect conclusion that the modular addition is necessarily the best target and that ARX constructions are therefore harder to attack in practice: We show that on an ARM M0, the best practical target is the exclusive or and attacks succeed with only tens of traces.

AB - Implementations of ARX ciphers are hoped to have some intrinsic side channel resilience owing to the specific choice of cipher components: Modular addition (A), rotation (R) and exclusive-or (X). Previous work has contributed to this understanding by developing theory regarding the side channel resilience of components (pioneered by the early works of Prouff) as well as some more recent practical investigations by Biryukov et al. that focused on lightweight cipher constructions. We add to this work by specifically studying ARX-boxes both mathematically as well as practically. Our results show that previous works' reliance on the simplistic assumption that intermediates independently leak (their Hamming weight) has led to the incorrect conclusion that the modular addition is necessarily the best target and that ARX constructions are therefore harder to attack in practice: We show that on an ARM M0, the best practical target is the exclusive or and attacks succeed with only tens of traces.

KW - ARX

KW - Correlation Attack

KW - Side Channel

UR - https://www.scopus.com/pages/publications/85066049155

U2 - 10.1145/3310273.3323399

DO - 10.1145/3310273.3323399

M3 - Conference Contribution (Conference Proceeding)

AN - SCOPUS:85066049155

SP - 373

EP - 379

BT - ACM International Conference on Computing Frontiers 2019, CF 2019 - Proceedings

PB - Association for Computing Machinery

T2 - 16th ACM International Conference on Computing Frontiers, CF 2019

Y2 - 30 April 2019 through 2 May 2019

ER -

Examining the practical side channel resilience of arx-boxes

Abstract

Conference

Keywords

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this