[Resource Topic] 2017/382: A General Degenerate Grouping Power Attack with Specific Application to SIMON and SPECK

Welcome to the resource topic for 2017/382

Title:
A General Degenerate Grouping Power Attack with Specific Application to SIMON and SPECK

Authors: Steven Cavanaugh

Abstract:

A Degenerate Grouping Power Attack (DGPA) is a type of Partitioning Power Analysis (PPA) used to extract secret keys from the power side-channel signal of an encryption algorithm running on a device, along with some known and varying information such as the plaintext or ciphertext associated with each encryption. The DGPA is applied to SIMON and SPECK implementations on MSP430, PIC16F, and Spartan 6 platforms in this work. While keys are successfully recovered from unprotected implementations, guidance is given on a minimum number of rounds, d, to perform per clock cycle in FPGAs and ASICs so as to mitigate such attacks for a deployment-dependent maximum quantity of data which is to be encrypted with a given key. On the Spartan 6, full key recovery of SIMON 64/128 with d ≤ 4 and SPECK 64/128 with d ≤ 3 is trivially achieved in seconds with no more than one million random plaintexts, requiring the use of larger d for most implementations. The amount of work to recover a key as a function of the amount of collected data encrypted with that key is explored. To ensure security when performing most modes of block cipher operation with an algorithm having block size 2n, a particular key should be used to perform no more than 2^n encryptions. A feasible key recovery requiring less than 80 bits of work and data from fewer than 2^32 encryptions is excluded for SIMON 64/128 implementations having d ≥ 9 and for SPECK 64/128 implementations having d ≥ 5. The DGPA attack method is demonstrated to succeed against a limited data set consisting of one power sample per device clock cycle against a specifically targeted instruction. This provides a basis for low-power, field-deployed power side-channel signal capture hardware for embedded key recovery and exfiltration.

ePrint: https://eprint.iacr.org/2017/382

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.