DNFA: Differential No-Fault Analysis of Bit Permutation based Ciphers Assisted by Side-Channel
Xiaolu Hou1,a, Jakub Breier2 and Shivam Bhasin1,b
1Temasek Laboratories Nanyang Technological University Singapore
ho0001lu@e.ntu.edu.sg
sbhasin@ntu.edu.sg
2Silicon Austria Labs Graz, Austria
jbreier@jbreier.com
ABSTRACT
Physical security of NIST lightweight cryptography competition candidates is gaining importance as the standardization process progresses. Side-channel attacks (SCA) are a wellresearched topic within the physical security of cryptographic implementations. It was shown that collisions in the intermediate values can be captured by side-channel measurements to reduce the complexity of the key retrieval to trivial numbers.
In this paper, we target a specific bit permutation vulnerability in the block cipher GIFT that allows the attacker to mount a key recovery attack. We present a novel SCA methodology called DCSCA – Differential Ciphertext SCA, which follows principles of differential fault analysis, but instead of the usage of faults, it utilizes SCA and statistical distribution of intermediate values. We simulate the attack on a publicly available bitslice implementation of GIFT, showing the practicality of the attack. We further show the application of the attack on GIFT-based AEAD schemes (GIFT-COFB, ESTATE, HYENA, and SUNDAE-GIFT) proposed for the NIST LWC competition. DCSCA can recover the master key with 213:39 AEAD sessions, assuming 32 encryptions per session.
Keywords: Side-Channel Attacks, Bit Permutations, GIFT, AEAD.