[Resource Topic] 2016/793: Side-Channel Analysis of Keymill

Welcome to the resource topic for 2016/793

Title:
Side-Channel Analysis of Keymill

Authors: Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Florian Mendel

Abstract:

One prominent countermeasure against side-channel attacks, especially differential power analysis (DPA), is fresh re-keying. In such schemes, the so-called re-keying function takes the burden of protecting a cryptographic primitive against DPA. To ensure the security of the scheme against side-channel analysis, the used re-keying function has to withstand both simple power analysis (SPA) and differential power analysis (DPA). Recently, at SAC 2016, Keymill—a side-channel resilient key generator (or re-keying function)—has been proposed, which is claimed to be inherently secure against side-channel attacks. In this work, however, we present a DPA attack on Keymill, which is based on the dynamic power consumption of a digital circuit that is tied to the $0\rightarrow1$ and $1\rightarrow0$ switches of its logical gates. Hence, the power consumption of the shift-registers used in Keymill depends on the $0\rightarrow1$ and $1\rightarrow0$ switches of its internal state. This information is sufficient to obtain the internal differential pattern (up to a small number of bits, which have to be brute-forced) of the 4 shift-registers of Keymill after the nonce (or IV) has been absorbed. This leads to a practical key-recovery attack on Keymill.

ePrint: https://eprint.iacr.org/2016/793

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.