National Institute of Standards and Technology における超伝導研究及び生活

We describe several software side-channel attacks based on inter-process leakage through the state of the CPU’s memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several such attacks on AES, and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux’s dm-crypt encrypted partitions (in the latter case, the full key can be recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we describe several countermeasures for mitigating such attacks.

/pdf/cache-attacks-and-countermeasures-the-case-of-aes-4r1moh4qcv.pdf

Cache attacks and Countermeasures: the Case of AES.

Cache attacks and countermeasures: the case of AES

We present a new block cipher LED. While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable block ciphers, the cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES-like security proofs for LED regarding related- or single-key attacks. And third, while we provide a block cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.

The LED block cipher

Radio frequency identification (RFID) is an emerging technology which brings enormous productivity benefits in applications where objects have to be identified automatically This paper presents issues concerning security and privacy of RFID systems which are heavily discussed in public In contrast to the RFID community, which claims that cryptographic components are too costly for RFID tags, we describe a solution using strong symmetric authentication which is suitable for today’s requirements regarding low power consumption and low die-size We introduce an authentication protocol which serves as a proof of concept for authenticating an RFID tag to a reader device using the Advanced Encryption Standard (AES) as cryptographic primitive The main part of this work is a novel approach of an AES hardware implementation which encrypts a 128-bit block of data within 1000 clock cycles and has a power consumption below 9 μA on a 035 μm CMOS process

/pdf/strong-authentication-for-rfid-systems-using-the-aes-1e0980i5yf.pdf

Strong Authentication for RFID Systems using the AES Algorithm

This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The SBoxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(28). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 ?m CMOS process requires an area of only 0.108 mm2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.

An ASIC Implementation of the AES SBoxes

Whirlpool is a hash function based on a block cipher that can be seen as a scaled up variant of the AES The main difference is the (compared to AES) extremely conservative key schedule In this work, we present a distinguishing attack on the full compression function of Whirlpool We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques First, the inbound phase of the rebound attack is extended by up to two rounds using the available degrees of freedom of the key schedule This results in a near-collision attack on 95 rounds of the compression function of Whirlpool with a complexity of 2176 and negligible memory requirements Second, we show how to turn this near-collision attack into a distinguishing attack for the full 10 round compression function of Whirlpool This is the first result on the full Whirlpool compression function

/pdf/rebound-distinguishers-results-on-the-full-whirlpool-3ttq5qud4s.pdf

Rebound Distinguishers: Results on the Full Whirlpool Compression Function

We introduce the rebound attack as a variant of differential cryptanalysis on hash functions and apply it to the hash function Whirlpool, standardized by ISO/IEC. We give attacks on reduced variants of the 10-round Whirlpool hash function and compression function. Our results are collisions for 5.5 and near-collisions for 7.5 rounds on the hash function, as well as semi-free-start collisions for 7.5 and semi-free-start near-collisions for 9.5 rounds on the compression function. Additionally, we introduce the subspace problem as a generalization of near-collision resistance. Finally, we present the first distinguishers that apply to the full compression function and the full underlying block cipher W of Whirlpool.

/pdf/the-rebound-attack-and-subspace-distinguishers-application-384odkl4o2.pdf

The Rebound Attack and Subspace Distinguishers: Application to Whirlpool

In this work, we introduce a new non-random property for hash/compression functions using the theory of higher order differentials. Based on this, we show a second-order differential collision for the compression function of SHA-256 reduced to 47 out of 64 steps with practical complexity. We have implemented the attack and provide an example. Our results suggest that the security margin of SHA-256 is much lower than the security margin of most of the SHA-3 finalists in this setting. The techniques employed in this attack are based on a rectangle/boomerang approach and cover advanced search algorithms for good characteristics and message modification techniques. Our analysis also exposes flaws in all of the previously published related-key rectangle attacks on the SHACAL-2 block cipher, which is based on SHA-256. We provide valid rectangles for 48 steps of SHACAL-2.

/pdf/second-order-differential-collisions-for-reduced-sha-256-2r1142cvtq.pdf

Second-Order differential collisions for reduced SHA-256

In this paper we study the security of the Advanced Encryption Standard (AES) and AES-like block ciphers against differential cryptanalysis. Differential cryptanalysis is one of the most powerful methods for analyzing the security of block ciphers. Even though no formal proofs for the security of AES against differential cryptanalysis have been provided to date, some attempts to compute the maximum expected differential probability (MEDP) for two and four rounds of AES have been presented recently. In this paper, we will improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box. More precisely, we are able to provide the complete distribution of the EDP for two rounds of this AES variant with five active S-boxes and methods to improve the estimates for the EDP in the case of six active S-boxes.

/pdf/computational-aspects-of-the-expected-differential-1zd3sitguo.pdf

Mario Lamberger

Papers

An ASIC Implementation of the AES SBoxes

Rebound Distinguishers: Results on the Full Whirlpool Compression Function

The Rebound Attack and Subspace Distinguishers: Application to Whirlpool

Second-Order differential collisions for reduced SHA-256

Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers