DNFA: Differential No-Fault Analysis of Bit Permutation based Ciphers Assisted by Side-Channel

Xiaolu Hou^1,a, Jakub Breier² and Shivam Bhasin^1,b
1Temasek Laboratories Nanyang Technological University Singapore
ho0001lu@e.ntu.edu.sg
sbhasin@ntu.edu.sg
²Silicon Austria Labs Graz, Austria
jbreier@jbreier.com

ABSTRACT

Physical security of NIST lightweight cryptography competition candidates is gaining importance as the standardization process progresses. Side-channel attacks (SCA) are a wellresearched topic within the physical security of cryptographic implementations. It was shown that collisions in the intermediate values can be captured by side-channel measurements to reduce the complexity of the key retrieval to trivial numbers.
In this paper, we target a specific bit permutation vulnerability in the block cipher GIFT that allows the attacker to mount a key recovery attack. We present a novel SCA methodology called DCSCA – Differential Ciphertext SCA, which follows principles of differential fault analysis, but instead of the usage of faults, it utilizes SCA and statistical distribution of intermediate values. We simulate the attack on a publicly available bitslice implementation of GIFT, showing the practicality of the attack. We further show the application of the attack on GIFT-based AEAD schemes (GIFT-COFB, ESTATE, HYENA, and SUNDAE-GIFT) proposed for the NIST LWC competition. DCSCA can recover the master key with 2^13:39 AEAD sessions, assuming 32 encryptions per session.

Keywords: Side-Channel Attacks, Bit Permutations, GIFT, AEAD.

---

Full Text (PDF)

© 2021 EDAA. All rights reserved.