
A Template Attack to Reconstruct the Input of SHA-3 on an 8-Bit Device

  • Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12244)

Abstract

We present an enumeration procedure based on a template attack to recover the complete input text of a SHA-3 implementation on an 8-bit microprocessor from a single trace of a power-analysis side channel. This attack targets 600 bytes of triple-redundant internal state in each invocation of the permutation used by SHA-3. We first build templates that can generate for each of these bytes a rank table of all 256 candidates. The templates we obtained for our 8-bit target CPU nearly identified the correct value of most target bytes directly, rather than just gathering information about their Hamming weights. We then search the full intermediate state of the Keccak permutation to eliminate remaining uncertainties about the recovered byte values. From the resulting intermediate states we finally reconstruct both the input and output of SHA-3 and verify the output. In our experimental evaluation of this procedure we achieved success rates higher than 99%.

S.-C. You—Supported by the Cambridge Trust and the Ministry of Education, Taiwan.
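The pipeline sketched in the abstract (profile per-byte templates, rank all 256 candidates for each target byte from one attack trace, then enumerate candidates and verify) can be simulated end to end in a few dozen lines. The following Python is an added illustration, not the authors' code or experimental setup. It assumes an idealised leakage model (each byte value produces a fixed signature of a few trace samples plus Gaussian noise, standing in for the data-dependent power consumption of the 8-bit target), a short constructed input, and an attacker who can verify a candidate against the observed SHA3-256 digest; the paper instead resolves residual ambiguity by searching the intermediate state of the Keccak permutation, which this example does not reproduce. The names `build_templates`, `rank_table`, `enumerate_inputs` and `attack` are this example's own.

```python
"""Simulated single-trace template attack with enumeration against SHA3-256.

Added illustration, not the paper's code. Constructed assumptions:
 - every processed input byte leaks a fixed value-dependent signature of
   N_SAMPLES trace samples plus Gaussian noise (stand-in for an 8-bit CPU);
 - the attacker profiles an identical device with chosen inputs;
 - the attacker knows the digest and uses it to verify candidates.
"""
import hashlib
import heapq
import random
import statistics

N_SAMPLES = 8            # trace samples per processed byte
NOISE_SD = 0.2           # noise standard deviation per sample
PROFILE_PER_VALUE = 30   # profiling traces per byte value

rng = random.Random(2020)
# Device model (assumption): one fixed signature per byte value.
SIGNATURE = {v: [rng.uniform(-1, 1) for _ in range(N_SAMPLES)] for v in range(256)}


def leak(value):
    """Noisy samples observed while the device processes one byte."""
    return [s + rng.gauss(0, NOISE_SD) for s in SIGNATURE[value]]


def build_templates():
    """Profiling phase: per-value mean vector plus pooled per-sample variance."""
    means, resid = {}, [[] for _ in range(N_SAMPLES)]
    for v in range(256):
        traces = [leak(v) for _ in range(PROFILE_PER_VALUE)]
        means[v] = [statistics.fmean(col) for col in zip(*traces)]
        for t in traces:
            for j in range(N_SAMPLES):
                resid[j].append(t[j] - means[v][j])
    return means, [statistics.pvariance(r) for r in resid]


def rank_table(templates, samples):
    """Attack phase for one byte: all 256 candidates, best log-likelihood first."""
    means, var = templates
    scored = []
    for v in range(256):
        # Gaussian log-likelihood with diagonal (pooled) covariance; constant
        # terms shared by all candidates are dropped.
        ll = -sum((samples[j] - means[v][j]) ** 2 / (2 * var[j])
                  for j in range(N_SAMPLES))
        scored.append((ll, v))
    scored.sort(reverse=True)
    return scored                      # list of (log-likelihood, value)


def enumerate_inputs(tables, digest, budget=100000):
    """Best-first search over the per-byte rank tables until the digest matches.

    A search node is a tuple of rank indices (one per byte); its score is the
    summed log-likelihood. Successors bump one byte to the next-ranked value,
    so candidates are popped in descending joint likelihood (a simplified
    key-enumeration scheme, not the optimal algorithm).
    """
    n = len(tables)
    start = tuple([0] * n)
    heap = [(-sum(t[0][0] for t in tables), start)]
    seen, tried = {start}, 0
    while heap and tried < budget:
        negscore, idx = heapq.heappop(heap)
        cand = bytes(tables[i][idx[i]][1] for i in range(n))
        tried += 1
        if hashlib.sha3_256(cand).digest() == digest:
            return cand, tried
        for i in range(n):
            if idx[i] + 1 < 256:
                nxt = idx[:i] + (idx[i] + 1,) + idx[i + 1:]
                if nxt not in seen:
                    seen.add(nxt)
                    # swap byte i's log-likelihood for the next-ranked candidate
                    score = negscore + tables[i][idx[i]][0] - tables[i][nxt[i]][0]
                    heapq.heappush(heap, (score, nxt))
    return None, tried


def attack(message, templates):
    """Single trace -> per-byte rank tables -> enumeration -> verified input."""
    trace = [leak(b) for b in message]            # one attack trace, per-byte windows
    digest = hashlib.sha3_256(message).digest()   # observed output (assumption)
    tables = [rank_table(templates, w) for w in trace]
    true_ranks = [next(r for r, (_, v) in enumerate(t) if v == b)
                  for t, b in zip(tables, message)]
    recovered, tried = enumerate_inputs(tables, digest)
    return recovered, tried, true_ranks


if __name__ == "__main__":
    tmpl = build_templates()
    msg = b"SHA-3!"                                # constructed input
    rec, tried, ranks = attack(msg, tmpl)
    print(f"recovered={rec!r} candidates_tried={tried} true_ranks={ranks}")
```

Running the block prints the recovered input, the number of candidates the enumeration had to hash, and the rank at which each true byte appeared in its table. Raising `NOISE_SD` pushes true bytes further down the rank tables and shows how quickly the enumeration budget grows once templates stop identifying values almost directly, which is the regime the abstract contrasts with its own near-direct identification.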



Authors: S.-C. You and Markus G. Kuhn

Corresponding author: Markus G. Kuhn


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

You, S.-C., Kuhn, M.G. (2021). A Template Attack to Reconstruct the Input of SHA-3 on an 8-Bit Device. In: Bertoni, G.M., Regazzoni, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2020. Lecture Notes in Computer Science, vol. 12244. Springer, Cham. https://doi.org/10.1007/978-3-030-68773-1_2


  • DOI: https://doi.org/10.1007/978-3-030-68773-1_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68772-4

  • Online ISBN: 978-3-030-68773-1

  • eBook Packages: Computer Science (R0)
