Pincering SKINNY by Exploiting Slow Diffusion
Enhancing Differential Power Analysis with Cluster Graph Inference
DOI: https://doi.org/10.46586/tches.v2023.i4.460-492
Keywords: Lightweight Cryptography, SKINNY, Belief Propagation, Differential Power Analysis, Cluster Graphs
Abstract
Lightweight cryptography is an emerging field where designers are testing the limits of symmetric cryptography. We investigate the resistance against side-channel attacks of a new class of lighter blockciphers, which use a classic substitution–permutation network with slow diffusion and many rounds.
Among these ciphers, we focus on SKINNY, a primitive used up to the final round of NIST’s recent lightweight standardisation effort. We show that the lack of diffusion in the key scheduler allows an attacker to combine leakage from the first and the last rounds, effectively pincering its target. Furthermore, the slow diffusion used by its partial key-absorption and linear layers makes it possible, on both sides, to target S-boxes from several rounds deep.
As some of these S-boxes leak on the same part of the key, full key recovery exploiting all leakage requires a clever combining strategy. We introduce the use of cluster graph inference (an established tool from probabilistic graphical model theory) to enhance both unprofiled and profiled differential power analysis, enabling us to handle the increase of S-boxes with their intertwined leakage.
We evaluate the strength of our attack both in the Hamming weight model and against two implementations running on an STM32F303 ARM Cortex-M4 hosted on a ChipWhisperer target board, showing that our attack reduces the number of traces required to attack SKINNY by a factor of around 2.75.
License
Copyright (c) 2023 Nicolas Costes, Martijn Stam
This work is licensed under a Creative Commons Attribution 4.0 International License.