Side-Channel Power Analysis of XTS-AES

Chao Luo¹, Yunsi Fei¹ and A. Adam Ding²
¹ Department of Electrical & Computer Engineering, Northeastern University, Boston, MA 02115, USA.
² Department of Mathematics, Northeastern University, Boston, MA 02115, USA.


XTS-AES is an advanced mode of AES for data protection of sector-based devices. Compared to other AES modes, it features two secret keys instead of one, and an additional tweak for each data block. These characteristics make the mode not only resistant to cryptanalysis, but also more challenging for side-channel attacks. In this paper, we propose two attack methods on XTS-AES that overcome these challenges. In the first attack, we analyze the side-channel leakage of the particular modular multiplication in XTS-AES mode. In the second, we utilize the relationship between two consecutive block tweaks and propose a method to work around the masking of the ciphertext by the tweak. These attacks are verified on an FPGA implementation of XTS-AES. The results show that XTS-AES is susceptible to side-channel power analysis attacks, and therefore dedicated protections are required for the security of XTS-AES in storage devices.
