CryptoDB
Low Trace-Count Template Attacks on 32-bit Implementations of ASCON AEAD
| Authors: |
|
|---|---|
| Download: | |
| Abstract: | The recently adopted Ascon standard by NIST offers a lightweight authenticated encryption algorithm for use in resource-constrained cryptographic devices. To help assess side-channel attack risks of Ascon implementations, we present the first template attack based on analyzing power traces, recorded from an STM32F303 microcontroller board running Weatherley’s 32-bit implementations of Ascon-128. Our analysis combines a fragment template attack with belief-propagation and key-enumeration techniques. The main results are three-fold: (1) we reached 100% success rate from a single trace if the C compiler optimized the unmasked implementation for space, (2) the success rate was about 95% after three traces if the compiler optimized instead for time, and (3) we also attacked a masked version, where the success rate was over 90% with 20 traces of executions with the same key, all after enumerating up to 224 key candidates. These results show that suitably-designed template attacks can pose a real threat to Ascon implementations, even if protected by first-order masking, but we also learnt how some differences in programming style, and even compiler optimization settings, can significantly affect the result. |
BibTeX
@article{tches-2023-33351,
title={Low Trace-Count Template Attacks on 32-bit Implementations of ASCON AEAD},
journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
publisher={Ruhr-Universität Bochum},
volume={2023, Issue 4},
pages={344-366},
url={https://tches.iacr.org/index.php/TCHES/article/view/11169},
doi={10.46586/tches.v2023.i4.344-366},
author={Shih-Chun You and Markus G. Kuhn and Sumanta Sarkar and Feng Hao},
year=2023
}