Classical and Physical Security of Symmetric Key Cryptographic Algorithms

This book consolidates several key aspects from the state-of-the-art research in symmetric key cryptography, which is among the cornerstones of digital security. It presents the content in an informative yet beginner-friendly manner, accompanied by toy examples and comprehensible graphics. In particular, it highlights the recent developments in tool-assisted analysis of ciphers. Furthermore, promising device-dependent attacks, such as fault attacks and side channel attacks on symmetric key ciphers, are discussed in detail. One salient feature of this book is its detailed analysis of various fault countermeasures. The coverage of our book is quite diverse: it ranges from prerequisite information to the latest research contributions and future research directions. It caters to students and researchers working in the field of cryptography.

Author(s): Anubhab Baksi
Series: Computer Architecture and Design Methodologies
Publisher: Springer
Year: 2021

Language: English
Pages: 300
City: Cham

About This Book
Contents
1 Introduction
1.1 Context and Motivation
1.2 Research Directions
1.2.1 Cipher Design and Classical Cryptanalysis
1.2.2 Realization/Mapping
1.2.3 Physical Attack and Countermeasure
1.3 Standardization of Ciphers
1.4 Organization
References
2 Fundamentals of Symmetric Key Cryptography
2.1 Building Blocks
2.1.1 Boolean Function
2.1.2 Substitution Box (SBox)
2.1.3 Linear Layer
2.2 Primitives
2.2.1 (Un-keyed) Permutation
2.2.2 Block Cipher
2.2.3 Stream Cipher
2.2.4 Hash Function
2.2.5 Message Authentication Code (MAC)
2.2.6 Authenticated Encryption with Associated Data (AEAD)
2.3 Cipher Families
2.3.1 Substitution Permutation Network (SPN)
2.3.2 Feistel Network
2.3.3 Add–Rotation–XOR (ARX) Construction
2.4 Description of Exemplary Ciphers
2.4.1 ADVANCED ENCRYPTION STANDARD (AES)
2.4.2 PRESENT-80
2.4.3 GIFT-128
2.4.4 CHASKEY
2.5 Formidability of the Attacker
2.5.1 Conventional Notions of Security
2.5.2 Power of the Attacker
2.5.3 Objective of the Attacker
2.6 Major Classical Attacks
2.6.1 Differential Attack
2.6.2 Linear Attack
2.6.3 Algebraic Attack
2.6.4 Integral/Cube Attack
2.6.5 Impossible Differential Attack
2.7 Device Implementation
2.8 Additional Topics
2.8.1 Black Box–Grey Box–White Box Models
2.8.2 Mixed Integer Linear Programming (MILP)
2.8.3 Machine Learning (ML)
2.8.4 Competitions
References
3 Fault Attack
3.1 Introduction
3.2 Fault Models
3.2.1 Precise Bit Flip
3.2.2 Single/Multiple Fault Adversary
3.2.3 Random/Deterministic Fault Model
3.2.4 Information Theoretic View
3.2.5 Other Aspects
3.3 Data Alteration Methods
3.3.1 Volatility
3.3.2 Modification of Operation
3.3.3 Modification of Operand
3.4 Sources of Fault Injection
3.5 Analysis Methods
3.5.1 Difference-Based Fault Analysis
3.5.2 Collision-Based Fault Analysis
3.5.3 Statistics-Based Fault Analysis
3.5.4 Others
3.6 Generalized Fault Attack Automation Frameworks
3.6.1 Cipher Level Approaches
3.6.2 Implementation Level Approaches
3.7 Countermeasures
3.7.1 Detection
3.7.2 Infection
3.7.3 Prevention
3.7.4 Re-keying, Tweak and Tweak-in-Plaintext, Masking Plaintext
3.7.5 Attacks on Countermeasures
3.7.6 Specialized Countermeasures Against Statistical Ineffective Fault Attack
References
4 Side Channel Attack
4.1 Introduction and Background
4.2 Power Analysis
4.2.1 Simple Power Analysis
4.2.2 Differential Power Analysis (DPA)
4.2.3 Template Attack
4.2.4 Correlation Power Analysis (CPA)
4.2.5 Countermeasures
4.3 Case Study: Side Channel Analysis of CHASKEY
4.3.1 Practical Attack Setups
4.3.2 Experimental Results
References
5 New Insights on Differential and Linear Bounds Using Mixed Integer Linear Programming
5.1 Introduction
5.2 Background
5.2.1 Branch Number to Model SBox (Inscrypt'11)
5.2.2 Convex Hull to Model SBox—Active SBox Count (Eprint'13)
5.2.3 Convex Hull to Model SBox—Exact Bound (Eprint'14)
5.2.4 Redundant Constraints to Reduce Solution Time (Eprint'19)
5.3 Problem with Convex Hull Modelling
5.4 Automated Bounds with MILP: Our Proposal
5.4.1 Modelling
5.4.2 Optimizations
5.4.3 Results
5.5 Conclusion
5.6 Supplementary Discussion
5.6.1 Detailed Description on MILP Modelling of XOR
5.6.2 Illustration with MILP Model for 1-Round Differential Bound for GIFT-128
5.6.3 Illustration with MILP Model of Previous Constraints for 4-Round Differential Bound for GIFT-128
References
6 Machine Learning-Assisted Differential Distinguishers for Lightweight Ciphers
6.1 Introduction
6.2 Background
6.2.1 Markov Ciphers
6.2.2 Gohr's Work on SPECK (CRYPTO'19)
6.3 Basic Description of the Ciphers
6.3.1 GIMLI
6.3.2 ASCON
6.3.3 KNOT
6.4 Machine Learning-Based Distinguishers
6.4.1 Model 1: Multiple Input Differences
6.4.2 Model 2: One Input Difference
6.4.3 Comparison with Existing Models
6.5 Results on Round-Reduced Ciphers
6.5.1 Gimli (Model 1)
6.5.2 ASCON and KNOT (Model 1)
6.5.3 CHASKEY (Model 2)
6.6 Choice of Machine Learning Model
6.7 Conclusion and Follow-Up Problems
References
7 Differential Paradox: How an SBox Plays Against Differential Fault Analysis
7.1 Introduction
7.2 Difference Distribution Table-Related Properties
7.3 Characterizing SBoxes in View of DFA
7.4 Implication of Our Analysis and Future Work
References
8 DEFAULT: Cipher-Level Resistance Against Differential Fault Attack
8.1 Introduction
8.2 Background
8.2.1 DFA Models
8.2.2 DFA Protection
8.2.3 Feasibility of Cipher-Level Protection Against Faults
8.2.4 Working Principle for DFA
8.3 Construction of DFA-Resistant Layer/Cipher
8.3.1 Ad hoc DFA Protection to Any Cipher (DeFault-Layer)
8.3.2 Extension to a Full-Fledged Cipher (DeFault)
8.3.3 Construction of DeFault-Layer
8.3.4 Construction of DeFault-Core (and DeFault)
8.4 Design Rationale
8.4.1 Design Philosophy
8.4.2 Structure of the DeFault PermBits
8.4.3 Selection of the DeFault SBoxes
8.4.4 Unbiased Linear Structures
8.5 Security Analysis
8.5.1 Protection Against Differential Fault Attack
8.5.2 Protection Against Classical Cryptanalysis
8.5.3 Protection Against Side Channels Attacks
8.6 Automated Bounds for Differential and Linear Attacks
8.7 Performance
8.7.1 Hardware Benchmark
8.7.2 Software Benchmark
8.8 Conclusion
8.9 Supplementary Discussion
References
9 To Infect or Not to Infect: A Critical Analysis of Infective Countermeasures in Fault Attacks
9.1 Introduction
9.2 Background
9.2.1 Context of Differential Fault Analysis
9.2.2 Early Countermeasures: Detection-Based
9.2.3 Evolution of Infective Countermeasures
9.2.4 Notations and Terminologies
9.2.5 Necessity and Sufficiency of Randomness
9.2.6 Scope and Applicability
9.2.7 Connection with Side Channel Countermeasures
9.3 Type I Constructions
9.3.1 Multiplication-Based Constructions
9.3.2 Derivative-Based Constructions
9.3.3 New Type I Schemes
9.3.4 Benchmarking Results for Type I Schemes
9.4 Type II/Cipher-Level Constructions
9.4.1 Critical Look at CHES'14 Countermeasure
9.4.2 Our Patch for LatinCrypt'12 Countermeasure
9.5 Conclusion
References
10 A Novel Duplication-Based Countermeasure to Statistical Ineffective Fault Analysis
10.1 Introduction
10.2 Fault Attack Preliminaries
10.2.1 Differential Fault Attack (DFA)
10.2.2 General Countermeasures Against Fault Attacks
10.3 Statistical Ineffective Fault Attack (SIFA)
10.3.1 Duplication-Based Countermeasures and Need for Specialization
10.3.2 Existing SIFA Countermeasures
10.4 Our Proposed Solution
10.4.1 Adopting Inverted Logic to Symmetric Key Ciphers
10.4.2 Benchmarks
10.4.3 Evaluation
10.4.4 Comparison with Existing Countermeasures
10.4.5 Connection with Side Channel Countermeasures
10.5 Conclusion
References
11 Concluding Remarks
11.1 Synopsis
11.2 Interesting Problems for Future Research
References
Index