Power Analysis of MAC-Keccak: A Side-Channel Attack

Presentation

Term Paper

Abstract

In the spring of 2017, two documents were discovered to have the same hash value when run through the Secure Hashing Algorithm 1 (SHA-1) cryptographic hash algorithm. This discovery is an indicator that SHA-1 may not be secure for much longer. One consequence of a general attack upon SHA-1 would be the security of hash-based message authentication codes (HMAC) that use SHA-1 as their hash function. Because of this, many have begun to look towards Keccak, the finalist for NIST’s SHA-3 competition. However, a number of attacks have been proposed against Keccak. Perhaps most dangerous amongst these are side channel attacks that retrieve secret information by taking advantage of the physical effects of running a cryptographic operation on a device. This paper discusses two proposed attacks against Keccak based message authentication codes that make use of power analysis, a side channel attack that focuses on energy consumption. It then discusses different ways in which the effectiveness of power analysis may be reduced, including masking and the Keccak-MAC (KMAC) construction proposed by NIST.

Overview References
  • [1] Bertoni, G., Daemen, J., Peeters, M., Assche, G. V., and Keer, R. V. Note on side-channel attacks and their countermeasures. https://keccak.team/files/NoteSideChannelAttacks.pdf
  • [2] Bertoni, G., Daemen, J., Peeters, M., Assche, G. V., and Keer, R. V. Team keccak. https://keccak.team/files/index.html
  • [3] Bertoni, G., Daemen, J., Peeters, M., and Van Assche, G. Cryptographic Sponge Functions. 2011.
  • [4] Bertoni, G., Daemen, J., Peeters, M., and Van Assche, G. The KECCAK Reference. 2011.
  • [5] Bertoni, G., Daemen, J., Peeters, M., and Van Assche, G. The KECCAK SHA-3 Submission. 2011.
  • [6] Brier, E., Clavier, C., and Olivier, F. Correlation Power Analysis with a Leakage Model. Springer, Heidelberg, 2004.
  • [7] Kocher, P., Jaffe, J. Jun, D., and Rohatgi, P. Introduction to Differential Power Analysis. Springer, Heidelberg, 2011.
  • [8] Luo, P., Fei, Y., Fang, X., Ding, A., Kaeli, D., and Leeser, M. Side-Channel Analysis of MAC-Keccak Hardware Implementations. In Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privace (2015).
  • [9] Lynn, B. Pseudo-Random Functions. Retrieved Feb 20, 2018: https://crypto.stanford.edu/pbc/notes/crypto/prf.html
  • [10] National Institute of Technology and Information, FIPS PUB 198: The Keyed-Hash Message Authentication Code (HMAC). National Institute of Technology and Information, Gaithersburg, 2002.
  • [11] National Institute of Technology and Information, FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. National Institute of Technology and Information, Gaithersburg, 2015.
  • [12] National Institute of Technology and Information, NIST Special Publication 800-185: SHA-3 Derived Functions. National Institute of Technology and Information, Gaithersburg, 2016.
  • [13] Stinson, D. R., Crytography: Theory and Practice, 3rd Ed.. Chapman & Hall/CRC, Boca Raton, 2006.
  • [14] Taha, M., and Schaumont, P. Differential Power Analysis of MAC-Keccak at Any Key-Length. Springer, Heidelberg, 2013.
  • [15] Tran, X. Power Analysis Attacks on Keccak. RIT Scholar Works, Rochester, 2015.
  • [16] Zohner, M., Kasper, M., Stottinger, M., and Huss, S. Side Channel Analysis of the SHA-3 Finalists. In Design, Automation Test in Europe Conference Exhibitions(2012), pp. 1012-1017.