{"title":"Grøstl和Skein的侧通道分析","authors":"Christina Boura, Sylvain Lévêque, David Vigilant","doi":"10.1109/SPW.2012.13","DOIUrl":null,"url":null,"abstract":"This work provides a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical MAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein, are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, we implemented HMAC-Grøstl, HMAC-Skein as well as countermeasure son a 32-bit ARM-based smart card. We also mounted power analysis attacks in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed.","PeriodicalId":201519,"journal":{"name":"2012 IEEE Symposium on Security and Privacy Workshops","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Side-Channel Analysis of Grøstl and Skein\",\"authors\":\"Christina Boura, Sylvain Lévêque, David Vigilant\",\"doi\":\"10.1109/SPW.2012.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This work provides a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical MAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein, are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, we implemented HMAC-Grøstl, HMAC-Skein as well as countermeasure son a 32-bit ARM-based smart card. We also mounted power analysis attacks in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed.\",\"PeriodicalId\":201519,\"journal\":{\"name\":\"2012 IEEE Symposium on Security and Privacy Workshops\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-05-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE Symposium on Security and Privacy Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SPW.2012.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Symposium on Security and Privacy Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW.2012.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
This work provides a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical MAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein, are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, we implemented HMAC-Grøstl, HMAC-Skein as well as countermeasure son a 32-bit ARM-based smart card. We also mounted power analysis attacks in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
