Side-Channel Analysis of Grøstl and Skein
نویسندگان
چکیده
This work1 provides a detailed study of two finalists of the SHA-3 competition from the sidechannel analysis point of view. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical HMAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein, are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, we implemented HMAC-Grøstl, HMAC-Skein as well as countermeasures on a 32-bit ARM-based smart card. We also mounted power analysis attacks in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed. Keywords-side-channel, HMAC, SHA-3, countermeasures
منابع مشابه
Design and benchmarking of an ASIC with five SHA-3 finalist candidates
This contribution describes our efforts in the design of a 130nm CMOS ASIC that implements Skein, BLAKE, JH, Grøstl, and Keccak, the five candidates selected by NIST in the third round SHA-3 competition. The objective of the ASIC is to accurately measure the performance and power dissipation of each candidate when implemented as an ASIC. The design of this ASIC, and its optimization for benchma...
متن کاملQuantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein
This paper presents attacks that clearly violate the explicit security claims of 11 of the 14 second-round submissions to the SHA-3 competition: Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein. The attacks are structured-first-preimage attacks, the most devastating type of hash-function attack. The attacks use a quantum computer, but not a particul...
متن کاملSecurity Analysis and Comparison of the SHA-3 Finalists BLAKE, Grøstl, JH, Keccak, and Skein
In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to the vulnerabilities identified in widely employed hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 5 candidates are left in the third round of the competition. An import...
متن کاملGPU Parallel Statistical and Cube Test Analysis of the SHA-3 Finalist Candidate Hash Functions
The 256-bit versions of the SHA-3 finalist candidate hash functions—BLAKE, Grøstl, JH, Keccak, and Skein—were subjected to statistical tests to attempt to disprove the hypothesis that the output bits are uniformly distributed, independent, binary random variables. The hash functions were also subjected to cube tests to attempt to disprove the hypothesis that the superpoly bits are uniformly dis...
متن کاملCompact Hardware Implementations of the SHA-3 Candidates ARIRANG, BLAKE, Gröstl, and Skein
The weakening of the widely used SHA-1 hash function has also cast doubts on the strength of the related algorithms of the SHA-2 family. The US NIST has therefore initiated the SHA-3 competition in order to select a modern hash function algorithm as a “backup” for SHA-2. This algorithm should be efficiently implementable both in software and hardware under different constraints. In this paper, ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012