Side-Channel Analysis of Keymill

Authors

  • Christoph Dobraunig
  • Maria Eichlseder
  • Thomas Korak
  • Florian Mendel
Abstract

One prominent countermeasure against side-channel attacks, especially differential power analysis (DPA), is fresh re-keying. In such schemes, the so-called re-keying function takes the burden of protecting a cryptographic primitive against DPA. To ensure the security of the scheme against side-channel analysis, the re-keying function has to withstand both simple power analysis (SPA) and differential power analysis (DPA). Recently, at SAC 2016, Taha et al. proposed Keymill, a side-channel resilient key generator (or re-keying function), which is claimed to be inherently secure against side-channel attacks. In this work, however, we present a DPA attack on Keymill, which is based on the dynamic power consumption of a digital circuit that is tied to the 0 → 1 and 1 → 0 switches of its logical gates. Hence, the power consumption of the shift-registers used in Keymill depends on the 0 → 1 and 1 → 0 switches of its internal state. This information is sufficient to obtain the internal differential pattern (up to a small number of bits, which have to be brute-forced) of the 4 shift-registers of Keymill after the nonce has been absorbed. This leads to a practical key-recovery attack on Keymill.


Similar resources

Keymill: Side-Channel Resilient Key Generator A New Concept for SCA-Security by Design

In the crypto community, it is widely acknowledged that any cryptographic scheme that is built with no countermeasure against side-channel analysis (SCA) can be easily broken. In this paper, we challenge this intuition. We investigate a novel approach in the design of cryptographic primitives that promotes inherent security against side-channel analysis without using redundant circuits. We propo...


Improved Channel Estimation for DVB-T2 Systems by Utilizing Side Information on OFDM Sparse Channel Estimation

The second generation of digital video broadcasting (DVB-T2) standard utilizes orthogonal frequency division multiplexing (OFDM) system to reduce and to compensate the channel effects by utilizing its estimation. Since wireless channels are inherently sparse, it is possible to utilize sparse representation (SR) methods to estimate the channel. In addition to sparsity feature of the channel, the...


Modeling Discharge Coefficient of Side Weir on Converging Channel Using Extreme Learning Machine

In this study, the discharge coefficient of side weirs located on converging channels was simulated for the first time using a new method of Extreme Learning Machine (ELM). To examine the accuracy of the numerical model, the Monte Carlo simulations were used and the experimental values validation was conducted by the k-fold cross validation method. Then, the input parameters were detected for s...


Investigation of the Flow Pattern over Circular-Crested Side Weirs

In this study, the flow characteristics have been investigated by measuring separation zone, surface and velocity profiles over the circular crested side weirs. An equation was proposed for the length of the separation zone using dimensional, statistical and regression analysis. The dimensional analysis showed that the length of separation zone depends on the upstream to the downstream water de...



Publication date: 2016