{"title":"Algebraic side‐channel attacks on Trivium stream cipher","authors":"Wenlong Sun, Jie Guan","doi":"10.1049/cmu2.12752","DOIUrl":null,"url":null,"abstract":"Algebraic Side‐Channel Attacks (ASCAs), first proposed by Renauld and Standaert in 2009, are a potent cryptanalysis method against block ciphers. In this paper, the authors initially utilize ASCAs to analyze the security of the Trivium stream cipher, given its concise algebraic structure. Considering its efficiency in both hardware and software implementations, the authors deploy ASCAs to target Trivium implemented both in application specific integrated circuit (ASIC) under the Hamming Distance Leakage Model (HDLM) (noted as CASE 1) and in microcontrollers of various buses (i.e. some common 8‐bit, 16‐bit, and 32‐bit architectures, noted as CASE 2, CASE 3, and CASE 4, respectively) under the Hamming Weight Leakage Model (HWLM). Here, the authors’ attacks are conducted on power‐simulated targets and not on real devices. For a single power consumption trace without measurement errors, this paper presents experimental results using MiniSat 2.0. Unfortunately, the authors were unable to break the ASIC implementation of Trivium under HDLM (CASE 1) with a time complexity of 2109 s or so, which is worse than the exhaustive key attack. For CASEs 2 to 4, the authors can find the complete 288‐bit state of Trivium within a reasonable timeframe. Specially, the success rate can reach 100% with an average solving time of less than 1 s when only measuring the leakages of the first eight consecutive rounds for CASE 2. Furthermore, the authors can still successfully recover the internal state even when obtaining leakages of the first 41 rounds with a random loss rate. In fact, it can tolerate a 74% random loss rate for the first 223 rounds. With regard to the potential errors in the measurements, the authors mitigate them using Tolerant ASCA (TASCA). Similarly, CASE 1 cannot be compromised even in error‐free situations, while the authors can still successfully recover the internal state of CASEs 2 to 4 from a single power trace, even with a high error rate, including 100% incorrect measurements. Surprisingly, for CASEs 2 to 4, the authors can recover the internal state with a 100% success rate, regardless of the error rate. As a result, the security of Trivium will not be enhanced when transitioning from a smaller 8‐bit platform to a larger 32‐bit platform. In the end, the authors will consider some more abstract attack models. The results can provide us with additional insights into the security of Trivium from a different perspective.","PeriodicalId":55001,"journal":{"name":"IET Communications","volume":null,"pages":null},"PeriodicalIF":1.5000,"publicationDate":"2024-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Communications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1049/cmu2.12752","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0
Abstract
Algebraic Side‐Channel Attacks (ASCAs), first proposed by Renauld and Standaert in 2009, are a potent cryptanalysis method against block ciphers. In this paper, the authors initially utilize ASCAs to analyze the security of the Trivium stream cipher, given its concise algebraic structure. Considering its efficiency in both hardware and software implementations, the authors deploy ASCAs to target Trivium implemented both in application specific integrated circuit (ASIC) under the Hamming Distance Leakage Model (HDLM) (noted as CASE 1) and in microcontrollers of various buses (i.e. some common 8‐bit, 16‐bit, and 32‐bit architectures, noted as CASE 2, CASE 3, and CASE 4, respectively) under the Hamming Weight Leakage Model (HWLM). Here, the authors’ attacks are conducted on power‐simulated targets and not on real devices. For a single power consumption trace without measurement errors, this paper presents experimental results using MiniSat 2.0. Unfortunately, the authors were unable to break the ASIC implementation of Trivium under HDLM (CASE 1) with a time complexity of 2109 s or so, which is worse than the exhaustive key attack. For CASEs 2 to 4, the authors can find the complete 288‐bit state of Trivium within a reasonable timeframe. Specially, the success rate can reach 100% with an average solving time of less than 1 s when only measuring the leakages of the first eight consecutive rounds for CASE 2. Furthermore, the authors can still successfully recover the internal state even when obtaining leakages of the first 41 rounds with a random loss rate. In fact, it can tolerate a 74% random loss rate for the first 223 rounds. With regard to the potential errors in the measurements, the authors mitigate them using Tolerant ASCA (TASCA). Similarly, CASE 1 cannot be compromised even in error‐free situations, while the authors can still successfully recover the internal state of CASEs 2 to 4 from a single power trace, even with a high error rate, including 100% incorrect measurements. Surprisingly, for CASEs 2 to 4, the authors can recover the internal state with a 100% success rate, regardless of the error rate. As a result, the security of Trivium will not be enhanced when transitioning from a smaller 8‐bit platform to a larger 32‐bit platform. In the end, the authors will consider some more abstract attack models. The results can provide us with additional insights into the security of Trivium from a different perspective.
期刊介绍:
IET Communications covers the fundamental and generic research for a better understanding of communication technologies to harness the signals for better performing communication systems using various wired and/or wireless media. This Journal is particularly interested in research papers reporting novel solutions to the dominating problems of noise, interference, timing and errors for reduction systems deficiencies such as wasting scarce resources such as spectra, energy and bandwidth.
Topics include, but are not limited to:
Coding and Communication Theory;
Modulation and Signal Design;
Wired, Wireless and Optical Communication;
Communication System
Special Issues. Current Call for Papers:
Cognitive and AI-enabled Wireless and Mobile - https://digital-library.theiet.org/files/IET_COM_CFP_CAWM.pdf
UAV-Enabled Mobile Edge Computing - https://digital-library.theiet.org/files/IET_COM_CFP_UAV.pdf