Paper 2020/1202

Correlation Power Analysis and Higher-order Masking Implementation of WAGE

Yunsi Fei, Guang Gong, Cheng Gongye, Kalikinkar Mandal, Raghvendra Rohit, Tianhong Xu, Yunjie Yi, and Nusa Zidaric

Abstract

WAGE is a hardware-oriented authenticated cipher, which has the smallest (unprotected) hardware cost (for 128-bit security level) among the round 2 candidates of the NIST lightweight cryptography (LWC) competition. In this work, we analyze the security of WAGE against the correlation power analysis (CPA) on ARM Cortex-M4F microcontroller. Our attack detects the secret key leakage from power consumption for up to 12 (out of 111) rounds of the WAGE permutation and requires 10,000 power traces to recover the 128-bit secret key. Motivated by the CPA attack and the low hardware cost of WAGE, we propose the first optimized masking scheme of WAGE in the t-strong non-interference (SNI) security model. We investigate different masking schemes for S-boxes by exploiting their internal structures and leveraging the state-of-the-art masking techniques.To practically demonstrate the effectiveness of masking, we perform the test vector leakage assessment on the 1-order masked WAGE. We evaluate the hardware performance of WAGE for 1, 2, and 3-order security and provide a comparison with other NIST LWC round 2 candidates.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. SAC 2020
Keywords
Authenticated encryptionWAGESide-channel attackCorrelation power analysis
Contact author(s)
rsrohit @ uwaterloo ca
History
2020-10-06: received
Short URL
https://ia.cr/2020/1202
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1202,
      author = {Yunsi Fei and Guang Gong and Cheng Gongye and Kalikinkar Mandal and Raghvendra Rohit and Tianhong Xu and Yunjie Yi and Nusa Zidaric},
      title = {Correlation Power Analysis and Higher-order Masking Implementation of WAGE},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1202},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1202}},
      url = {https://eprint.iacr.org/2020/1202}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.