Yaacov Belenky, Ira Dushar, Valery Teper, V. Bugaenko, Oleg Karavaev, Leonid Azriel, Yu. G. Kreimer
{"title":"基于载波差分功率分析(CDPA)及其在攻击HMAC-SHA-2中的应用","authors":"Yaacov Belenky, Ira Dushar, Valery Teper, V. Bugaenko, Oleg Karavaev, Leonid Azriel, Yu. G. Kreimer","doi":"10.46586/tches.v2023.i3.1-29","DOIUrl":null,"url":null,"abstract":"In this paper, we introduce Carry-based Differential Power Analysis (CDPA), a novel methodology that allows for attacking schemes that use arithmetical addition. We apply this methodology to attacking HMAC-SHA-2. We provide full mathematical analysis of the method and show that under certain assumptions and with a sufficient amount of traces any key can be revealed. In the experimental part of the paper, we demonstrate successful application of the attack both in software simulation and on an FPGA board using power consumption measurements. With as few as 30K traces measured on the FPGA board, we recover the secrets that allow for forging the HMAC-SHA-2 signature of any message in 3% of the cases — while with 275K traces the success rate reaches 100%. This means that any implementation of HMAC-SHA-2, even in pure parallel hardware, is vulnerable to side-channel attacks, unless it is adequately protected. To the best of our knowledge, this is the first published full-fledged attack on pure hardware implementations of HMAC-SHA-2, which does not require a profiling stage.","PeriodicalId":13186,"journal":{"name":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","volume":"3 1","pages":"1-29"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2\",\"authors\":\"Yaacov Belenky, Ira Dushar, Valery Teper, V. Bugaenko, Oleg Karavaev, Leonid Azriel, Yu. G. Kreimer\",\"doi\":\"10.46586/tches.v2023.i3.1-29\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we introduce Carry-based Differential Power Analysis (CDPA), a novel methodology that allows for attacking schemes that use arithmetical addition. We apply this methodology to attacking HMAC-SHA-2. We provide full mathematical analysis of the method and show that under certain assumptions and with a sufficient amount of traces any key can be revealed. In the experimental part of the paper, we demonstrate successful application of the attack both in software simulation and on an FPGA board using power consumption measurements. With as few as 30K traces measured on the FPGA board, we recover the secrets that allow for forging the HMAC-SHA-2 signature of any message in 3% of the cases — while with 275K traces the success rate reaches 100%. This means that any implementation of HMAC-SHA-2, even in pure parallel hardware, is vulnerable to side-channel attacks, unless it is adequately protected. To the best of our knowledge, this is the first published full-fledged attack on pure hardware implementations of HMAC-SHA-2, which does not require a profiling stage.\",\"PeriodicalId\":13186,\"journal\":{\"name\":\"IACR Trans. Cryptogr. Hardw. Embed. Syst.\",\"volume\":\"3 1\",\"pages\":\"1-29\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IACR Trans. Cryptogr. Hardw. Embed. Syst.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.46586/tches.v2023.i3.1-29\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tches.v2023.i3.1-29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2
In this paper, we introduce Carry-based Differential Power Analysis (CDPA), a novel methodology that allows for attacking schemes that use arithmetical addition. We apply this methodology to attacking HMAC-SHA-2. We provide full mathematical analysis of the method and show that under certain assumptions and with a sufficient amount of traces any key can be revealed. In the experimental part of the paper, we demonstrate successful application of the attack both in software simulation and on an FPGA board using power consumption measurements. With as few as 30K traces measured on the FPGA board, we recover the secrets that allow for forging the HMAC-SHA-2 signature of any message in 3% of the cases — while with 275K traces the success rate reaches 100%. This means that any implementation of HMAC-SHA-2, even in pure parallel hardware, is vulnerable to side-channel attacks, unless it is adequately protected. To the best of our knowledge, this is the first published full-fledged attack on pure hardware implementations of HMAC-SHA-2, which does not require a profiling stage.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
