DES with any reduced masked rounds is not secure against side-channel attacks

Jongsung Kim, Yuseop Lee, Sangjin Lee

Research output: Contribution to journal › Article

6 Citations (Scopus)

Abstract

The literature offers several efficient masking methods for providing resistance to side-channel attacks against iterative block ciphers, such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES). One of the proposed methods is to apply independent masks to each of the first and last few rounds. However, at the workshops on Selected Areas in Cryptography (SAC) 2006 and Cryptographic Hardware and Embedded Systems (CHES) 2007, Handschuh-Preneel and Biryukov-Khovratovich showed that DES and AES with such reduced masked rounds are still vulnerable to side-channel attacks combined with block cipher cryptanalysis. Specifically, Handschuh and Preneel presented differential based side-channel attacks on DES with the first 4 rounds masked, and Biryukov and Khovratovich presented impossible and multiset collision based side-channel attacks on AES with the first 2, 3 and 4 rounds masked. More recently, Kim and Hong showed that AES-192 and AES-256 with the first 5 rounds masked are also vulnerable to side-channel attacks based on the meet-in-the-middle technique. In this paper, we focus on the security of DES with reduced masked rounds against side-channel attacks; we propose differential based side-channel attacks on DES with the first 5, 6 and 7 rounds masked: they require 2^17.4, 2^24, 2^35.5 chosen plaintexts with associated power traces and collision measurements, correspondingly. Our attacks are the first known side-channel attacks on DES with the first 5, 6 and 7 rounds masked; our attack results show that DES with any reduced masked rounds is not secure against side-channel attacks, i.e., in order for DES to be resistant to side-channel attacks, entire rounds should be masked.

Original language: English
Pages (from-to): 347-354
Number of pages: 8
Journal: Computers and Mathematics with Applications
Volume: 60
Issue number: 2
DOI: 10.1016/j.camwa.2010.01.011
Publication status: Published - 2010 Jul 1

Keywords

  • DES
  • Differentials
  • Side-channel attacks

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Modelling and Simulation
  • Computational Mathematics

Cite this

DES with any reduced masked rounds is not secure against side-channel attacks. / Kim, Jongsung; Lee, Yuseop; Lee, Sangjin.

In: Computers and Mathematics with Applications, Vol. 60, No. 2, 01.07.2010, p. 347-354.

@article{4d251b8e2ece4346b2fe18b451ee1b47,
title = "DES with any reduced masked rounds is not secure against side-channel attacks",
keywords = "DES, Differentials, Side-channel attacks",
author = "Jongsung Kim and Yuseop Lee and Sangjin Lee",
year = "2010",
month = "7",
day = "1",
doi = "10.1016/j.camwa.2010.01.011",
language = "English",
volume = "60",
pages = "347--354",
journal = "Computers and Mathematics with Applications",
issn = "0898-1221",
publisher = "Elsevier Limited",
number = "2",

}

TY - JOUR

T1 - DES with any reduced masked rounds is not secure against side-channel attacks

AU - Kim, Jongsung

AU - Lee, Yuseop

AU - Lee, Sangjin

PY - 2010/7/1

Y1 - 2010/7/1

KW - DES

KW - Differentials

KW - Side-channel attacks

UR - http://www.scopus.com/inward/record.url?scp=77955717468&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77955717468&partnerID=8YFLogxK

U2 - 10.1016/j.camwa.2010.01.011

DO - 10.1016/j.camwa.2010.01.011

M3 - Article

AN - SCOPUS:77955717468

VL - 60

SP - 347

EP - 354

JO - Computers and Mathematics with Applications

JF - Computers and Mathematics with Applications

SN - 0898-1221

IS - 2

ER -