Classical and Physical Security of Symmetric Key Cryptographic Algorithms

About This Book
Contents
1 Introduction
	1.1 Context and Motivation
	1.2 Research Directions
		1.2.1 Cipher Design and Classical Cryptanalysis
		1.2.2 Realization/Mapping
		1.2.3 Physical Attack and Countermeasure
	1.3 Standardization of Ciphers
	1.4 Organization
	References
2 Fundamentals of Symmetric Key Cryptography
	2.1 Building Blocks
		2.1.1 Boolean Function
		2.1.2 Substitution Box (SBox)
		2.1.3 Linear Layer
	2.2 Primitives
		2.2.1 (Un-keyed) Permutation
		2.2.2 Block Cipher
		2.2.3 Stream Cipher
		2.2.4 Hash Function
		2.2.5 Message Authentication Code (MAC)
		2.2.6 Authenticated Encryption with Associated Data (AEAD)
	2.3 Cipher Families
		2.3.1 Substitution Permutation Network (SPN)
		2.3.2 Feistel Network
		2.3.3 Add–Rotation–XOR (ARX) Construction
	2.4 Description of Exemplary Ciphers
		2.4.1 ADVANCED ENCRYPTION STANDARD (AES)
		2.4.2 PRESENT-80
		2.4.3 GIFT-128
		2.4.4 CHASKEY
	2.5 Formidability of the Attacker
		2.5.1 Conventional Notions of Security
		2.5.2 Power of the Attacker
		2.5.3 Objective of the Attacker
	2.6 Major Classical Attacks
		2.6.1 Differential Attack
		2.6.2 Linear Attack
		2.6.3 Algebraic Attack
		2.6.4 Integral/Cube Attack
		2.6.5 Impossible Differential Attack
	2.7 Device Implementation
	2.8 Additional Topics
		2.8.1 Black Box–Grey Box–White Box Models
		2.8.2 Mixed Integer Linear Programming (MILP)
		2.8.3 Machine Learning (ML)
		2.8.4 Competitions
	References
3 Fault Attack
	3.1 Introduction
	3.2 Fault Models
		3.2.1 Precise Bit Flip
		3.2.2 Single/Multiple Fault Adversary
		3.2.3 Random/Deterministic Fault Model
		3.2.4 Information Theoretic View
		3.2.5 Other Aspects
	3.3 Data Alteration Methods
		3.3.1 Volatility
		3.3.2 Modification of Operation
		3.3.3 Modification of Operand
	3.4 Sources of Fault Injection
	3.5 Analysis Methods
		3.5.1 Difference-Based Fault Analysis
		3.5.2 Collision-Based Fault Analysis
		3.5.3 Statistics-Based Fault Analysis
		3.5.4 Others
	3.6 Generalized Fault Attack Automation Frameworks
		3.6.1 Cipher Level Approaches
		3.6.2 Implementation Level Approaches
	3.7 Countermeasures
		3.7.1 Detection
		3.7.2 Infection
		3.7.3 Prevention
		3.7.4 Re-keying, Tweak and Tweak-in-Plaintext, Masking Plaintext
		3.7.5 Attacks on Countermeasures
		3.7.6 Specialized Countermeasures Against Statistical Ineffective Fault Attack
	References
4 Side Channel Attack
	4.1 Introduction and Background
	4.2 Power Analysis
		4.2.1 Simple Power Analysis
		4.2.2 Differential Power Analysis (DPA)
		4.2.3 Template Attack
		4.2.4 Correlation Power Analysis (CPA)
		4.2.5 Countermeasures
	4.3 Case Study: Side Channel Analysis of CHASKEY
		4.3.1 Practical Attack Setups
		4.3.2 Experimental Results
	References
5 New Insights on Differential and Linear Bounds Using Mixed Integer Linear Programming
	5.1 Introduction
	5.2 Background
		5.2.1 Branch Number to Model SBox (Inscrypt'11)
		5.2.2 Convex Hull to Model SBox—Active SBox Count (Eprint'13)
		5.2.3 Convex Hull to Model SBox—Exact Bound (Eprint'14)
		5.2.4 Redundant Constraints to Reduce Solution Time (Eprint'19)
	5.3 Problem with Convex Hull Modelling
	5.4 Automated Bounds with MILP: Our Proposal
		5.4.1 Modelling
		5.4.2 Optimizations
		5.4.3 Results
	5.5 Conclusion
	5.6 Supplementary Discussion
		5.6.1 Detailed Description on MILP Modelling of XOR
		5.6.2 Illustration with MILP Model for 1-Round Differential Bound for GIFT-128
		5.6.3 Illustration with MILP Model of Previous Constraints for 4-Round Differential Bound for GIFT-128
	References
6 Machine Learning-Assisted Differential Distinguishers for Lightweight Ciphers
	6.1 Introduction
	6.2 Background
		6.2.1 Markov Ciphers
		6.2.2 Gohr's Work on SPECK (CRYPTO'19)
	6.3 Basic Description of the Ciphers
		6.3.1 GIMLI
		6.3.2 ASCON
		6.3.3 KNOT
	6.4 Machine Learning-Based Distinguishers
		6.4.1 Model 1: Multiple Input Differences
		6.4.2 Model 2: One Input Difference
		6.4.3 Comparison with Existing Models
	6.5 Results on Round-Reduced Ciphers
		6.5.1 Gimli (Model 1)
		6.5.2 ASCON and KNOT (Model 1)
		6.5.3 CHASKEY (Model 2)
	6.6 Choice of Machine Learning Model
	6.7 Conclusion and Follow-Up Problems
	References
7 Differential Paradox: How an SBox Plays Against Differential Fault Analysis
	7.1 Introduction
	7.2 Difference Distribution Table-Related Properties
	7.3 Characterizing SBoxes in View of DFA
	7.4 Implication of Our Analysis and Future Work
	References
8 DEFAULT: Cipher-Level Resistance Against Differential Fault Attack
	8.1 Introduction
	8.2 Background
		8.2.1 DFA Models
		8.2.2 DFA Protection
		8.2.3 Feasibility of Cipher-Level Protection Against Faults
		8.2.4 Working Principle for DFA
	8.3 Construction of DFA-Resistant Layer/Cipher
		8.3.1 Ad hoc DFA Protection to Any Cipher (DeFault-Layer)
		8.3.2 Extension to a Full-Fledged Cipher (DeFault)
		8.3.3 Construction of DeFault-Layer
		8.3.4 Construction of DeFault-Core (and DeFault)
	8.4 Design Rationale
		8.4.1 Design Philosophy
		8.4.2 Structure of the DeFault PermBits
		8.4.3 Selection of the DeFault SBoxes
		8.4.4 Unbiased Linear Structures
	8.5 Security Analysis
		8.5.1 Protection Against Differential Fault Attack
		8.5.2 Protection Against Classical Cryptanalysis
		8.5.3 Protection Against Side Channels Attacks
	8.6 Automated Bounds for Differential and Linear Attacks
	8.7 Performance
		8.7.1 Hardware Benchmark
		8.7.2 Software Benchmark
	8.8 Conclusion
	8.9 Supplementary Discussion
	References
9 To Infect or Not to Infect: A Critical Analysis of Infective Countermeasures in Fault Attacks
	9.1 Introduction
	9.2 Background
		9.2.1 Context of Differential Fault Analysis
		9.2.2 Early Countermeasures: Detection-Based
		9.2.3 Evolution of Infective Countermeasures
		9.2.4 Notations and Terminologies
		9.2.5 Necessity and Sufficiency of Randomness
		9.2.6 Scope and Applicability
		9.2.7 Connection with Side Channel Countermeasures
	9.3 Type I Constructions
		9.3.1 Multiplication-Based Constructions
		9.3.2 Derivative-Based Constructions
		9.3.3 New Type I Schemes
		9.3.4 Benchmarking Results for Type I Schemes
	9.4 Type II/Cipher-Level Constructions
		9.4.1 Critical Look at CHES'14 Countermeasure
		9.4.2 Our Patch for LatinCrypt'12 Countermeasure
	9.5 Conclusion
	References
10 A Novel Duplication-Based Countermeasure to Statistical Ineffective Fault Analysis
	10.1 Introduction
	10.2 Fault Attack Preliminaries
		10.2.1 Differential Fault Attack (DFA)
		10.2.2 General Countermeasures Against Fault Attacks
	10.3 Statistical Ineffective Fault Attack (SIFA)
		10.3.1 Duplication-Based Countermeasures and Need for Specialization
		10.3.2 Existing SIFA Countermeasures
	10.4 Our Proposed Solution
		10.4.1 Adopting Inverted Logic to Symmetric Key Ciphers
		10.4.2 Benchmarks
		10.4.3 Evaluation
		10.4.4 Comparison with Existing Countermeasures
		10.4.5 Connection with Side Channel Countermeasures
	10.5 Conclusion
	References
11 Concluding Remarks
	11.1 Synopsis
	11.2 Interesting Problems for Future Research
	References
Index