Security of Block Ciphers: From Algorithm Design to Hardware Implementation

Sakiyama, Kazuo
Sasaki, Yu
Li, Chaoyang

97,55 € (VAT incl.)

A comprehensive evaluation of information security analysis spanning the intersection of cryptanalysis and side–channel analysis. Written by authors known within the academic cryptography community, this book presents the latest developments in current research. It is unique in combining algorithm–level design with hardware–level implementation; this all–round approach, from algorithm to implementation, covers security from start to completion. It deals with AES (Advanced Encryption Standard), one of the most widely used symmetric–key ciphers, which helps the reader learn both the fundamental theory of cryptanalysis and the practical application of side–channel analysis.

Contents:

1 Introduction to Block Ciphers (p. 1)
  1.1 Block Cipher in Cryptology (p. 1)
    1.1.1 Introduction (p. 1)
    1.1.2 Symmetric–Key Ciphers (p. 2)
    1.1.3 Efficient Block Cipher Design (p. 2)
  1.2 Boolean Function and Galois Field (p. 3)
    1.2.1 INV, OR, AND, and XOR Operators (p. 3)
    1.2.2 Galois Field (p. 4)
    1.2.3 Extended Binary Field and Representation of Elements (p. 5)
  1.3 Linear and Non–Linear Functions in Boolean Algebra (p. 8)
    1.3.1 Linear Functions (p. 8)
    1.3.2 Non–Linear Functions (p. 9)
  1.4 Linear and Non–Linear Functions in Block Cipher (p. 9)
    1.4.1 Non–linear Layer (p. 10)
    1.4.2 Linear Layer (p. 12)
    1.4.3 Substitution–Permutation Network (SPN) (p. 14)
  1.5 Advanced Encryption Standard (AES) (p. 14)
    1.5.1 Specification of AES–128 Encryption (p. 14)
    1.5.2 AES–128 Decryption (p. 22)
    1.5.3 Specification of AES–192 and AES–256 (p. 23)
    1.5.4 Notations to Describe AES–128 (p. 26)
  References (p. 28)

2 Introduction to Digital Circuits (p. 29)
  2.1 Basics of Modern Digital Circuits (p. 29)
    2.1.1 Digital Circuit Design Method (p. 29)
    2.1.2 Synchronous–Style Design Flow (p. 30)
    2.1.3 Hierarchy in Digital Circuit Design (p. 31)
  2.2 Classification of Signals in Digital Circuits (p. 31)
    2.2.1 Clock Signal (p. 31)
    2.2.2 Reset Signal (p. 32)
    2.2.3 Data Signal (p. 34)
  2.3 Basics of Digital Logics and Functional Modules (p. 34)
    2.3.1 Combinatorial Logics (p. 34)
    2.3.2 Sequential Logics (p. 36)
    2.3.3 Controller and Datapath Modules (p. 40)
  2.4 Memory Modules (p. 44)
    2.4.1 Single–Port SRAM (p. 44)
    2.4.2 Register File (p. 46)
  2.5 Signal Delay and Timing Analysis (p. 47)
    2.5.1 Signal Delay (p. 47)
    2.5.2 Static Timing Analysis and Dynamic Timing Analysis (p. 49)
  2.6 Cost and Performance of Digital Circuits (p. 51)
    2.6.1 Area Cost (p. 51)
    2.6.2 Latency and Throughput (p. 52)
  References (p. 53)

3 Hardware Implementations for Block Ciphers (p. 55)
  3.1 Parallel Architecture (p. 55)
    3.1.1 Comparison between Serial and Parallel Architectures (p. 56)
    3.1.2 Algorithm Optimization for Parallel Architectures (p. 57)
  3.2 Loop Architecture (p. 58)
    3.2.1 Straightforward (Loop–Unrolled) Architecture (p. 59)
    3.2.2 Basic Loop Architecture (p. 60)
  3.3 Pipeline Architecture (p. 62)
    3.3.1 Pipeline Architecture for Block Ciphers (p. 62)
    3.3.2 Advanced Pipeline Architecture for Block Ciphers (p. 62)
  3.4 AES Hardware Implementations (p. 65)
    3.4.1 Straightforward Implementation for AES–128 (p. 65)
    3.4.2 Loop Architecture for AES–128 (p. 69)
    3.4.3 Pipeline Architecture for AES–128 (p. 73)
    3.4.4 Compact Architecture for AES–128 (p. 74)
  References (p. 74)

4 Cryptanalysis on Block Ciphers (p. 77)
  4.1 Basics of Cryptanalysis (p. 77)
    4.1.1 Block Ciphers (p. 77)
    4.1.2 Security of Block Ciphers (p. 78)
    4.1.3 Attack Models (p. 80)
    4.1.4 Complexity of Cryptanalysis (p. 82)
    4.1.5 Generic Attacks (p. 82)
    4.1.6 Goal of Shortcut Attacks (Cryptanalysis) (p. 86)
  4.2 Differential Cryptanalysis (p. 87)
    4.2.1 Basic Concept and Definition (p. 87)
    4.2.2 Motivation of Differential Cryptanalysis (p. 88)
    4.2.3 Probability of Differential Propagation (p. 89)
    4.2.4 Deterministic Differential Propagation in Linear Computations (p. 92)
    4.2.5 Probabilistic Differential Propagation in Non–Linear Computations (p. 96)
    4.2.6 Probability of Differential Propagation for Multiple Rounds (p. 99)
    4.2.7 Differential Characteristic for AES Reduced to 3 Rounds (p. 100)
    4.2.8 Distinguishing Attack with Differential Characteristic (p. 103)
    4.2.9 Key Recovery Attack after Differential Characteristic (p. 104)
    4.2.10 Basic Differential Cryptanalysis for 4–Round AES (p. 106)
    4.2.11 Advanced Differential Cryptanalysis for 4–Round AES (p. 113)
    4.2.12 Preventing Differential Cryptanalysis (p. 118)
  4.3 Impossible Differential Cryptanalysis (p. 121)
    4.3.1 Basic Concept and Definition (p. 121)
    4.3.2 Impossible Differential Characteristic for 3.5–round AES (p. 122)
    4.3.3 Key Recovery Attacks for 5–round AES (p. 125)
    4.3.4 Key Recovery Attacks for 7–round AES (p. 135)
  4.4 Integral Cryptanalysis (p. 143)
    4.4.1 Basic Concept (p. 143)
    4.4.2 Processing P through Subkey XOR (p. 144)
    4.4.3 Processing P through SubBytes Operation (p. 145)
    4.4.4 Processing P through ShiftRows Operation (p. 146)
    4.4.5 Processing P through MixColumns Operation (p. 146)
    4.4.6 Integral Property of AES Reduced to 2.5 Rounds (p. 148)
    4.4.7 Balanced Property (p. 149)
    4.4.8 Integral Property of AES Reduced to 3 Rounds and Distinguishing Attack (p. 150)
    4.4.9 Key Recovery Attack with Integral Cryptanalysis for 5 Rounds (p. 152)
    4.4.10 Higher–Order Integral Property (p. 154)
    4.4.11 Key Recovery Attack with Integral Cryptanalysis for 6 Rounds (p. 156)
  References (p. 161)

5 Side–Channel Analysis and Fault Analysis on Block Ciphers (p. 163)
  5.1 Introduction (p. 163)
    5.1.1 Intrusion Degree of Physical Attacks (p. 163)
    5.1.2 Passive and Active Non–Invasive Physical Attacks (p. 165)
    5.1.3 Cryptanalysis Compared to Side–Channel Analysis and Fault Analysis (p. 166)
  5.2 Basics of Side–Channel Analysis (p. 168)
    5.2.1 Side Channels of Digital Circuits (p. 168)
    5.2.2 Goal of Side–Channel Analysis (p. 169)
    5.2.3 General Procedures of Side–Channel Analysis (p. 170)
    5.2.4 Profiling vs Non–Profiling Side–Channel Analysis (p. 171)
    5.2.5 Divide–and–Conquer Algorithm (p. 172)
  5.3 Side–Channel Analysis on Block Ciphers (p. 175)
    5.3.1 Power Consumption Measurement in Power Analysis (p. 175)
    5.3.2 Simple Power Analysis and Differential Power Analysis (p. 179)
    5.3.3 General Key Recovery Algorithm for DPA (p. 180)
    5.3.4 Overview of Attack Targets (p. 185)
    5.3.5 Single–Bit DPA Attack on AES–128 Hardware Implementations (p. 197)
    5.3.6 Attacks Using HW Model on AES–128 Hardware Implementations (p. 203)
    5.3.7 Attacks Using HD Model on AES–128 Hardware Implementations (p. 211)
    5.3.8 Attacks With Collision Model (p. 218)
  5.4 Basics of Fault Analysis (p. 224)
    5.4.1 Faults Caused by Setup–Time Violations (p. 224)
    5.4.2 Faults Caused by Data Alternation (p. 228)
  5.5 Fault Analysis on Block Ciphers (p. 229)
    5.5.1 Differential Fault Analysis (p. 229)
    5.5.2 Fault Sensitivity Analysis (p. 236)
  References (p. 244)

6 Advanced Fault Analysis with Techniques from Cryptanalysis (p. 247)
  6.1 Optimized Differential Fault Analysis (p. 248)
    6.1.1 Relaxing Fault Model (p. 248)
    6.1.2 Four Classes of Faulty Byte Positions (p. 249)
    6.1.3 Recovering Subkey Candidates of sk10 (p. 250)
    6.1.4 Attack Procedure (p. 252)
    6.1.5 Probabilistic Fault Injection (p. 254)
    6.1.6 Optimized DFA with the MixColumns Operation in the Last Round (p. 255)
    6.1.7 Countermeasures against DFA and Motivation of Advanced DFA (p. 259)
  6.2 Impossible Differential Fault Analysis (p. 260)
    6.2.1 Fault Model (p. 261)
    6.2.2 Impossible DFA with Unknown Faulty Byte Positions (p. 261)
    6.2.3 Impossible DFA with Fixed Faulty Byte Position (p. 267)
  6.3 Integral Differential Fault Analysis (p. 269)
    6.3.1 Fault Model (p. 269)
    6.3.2 Integral DFA with Bit Fault Model (p. 270)
    6.3.3 Integral DFA with Random Byte Fault Model (p. 275)
    6.3.4 Integral DFA with Noisy Random Byte Fault Model (p. 278)
  6.4 Meet–in–the–Middle Fault Analysis (p. 284)
    6.4.1 Meet–in–the–Middle Attack on Block Ciphers (p. 284)
    6.4.2 Meet–in–the–Middle Attack for Differential Fault Analysis (p. 288)
  References (p. 293)

7 Countermeasures against Side–Channel Analysis and Fault Analysis (p. 295)
  7.1 Logic–Level Hiding Countermeasures (p. 296)
    7.1.1 Overview of Hiding Countermeasure with WDDL Technique (p. 296)
    7.1.2 WDDL–NAND Gate (p. 299)
    7.1.3 WDDL–NOR and WDDL–INV Gates (p. 300)
    7.1.4 Precharge Logic for WDDL Technique (p. 300)
    7.1.5 Intrinsic Fault Detection Mechanism of WDDL (p. 302)
  7.2 Logic–Level Masking Countermeasures (p. 304)
    7.2.1 Overview of Masking Countermeasure (p. 304)
    7.2.2 Operations on Values with Boolean Masking (p. 305)
    7.2.3 Re–masking and Unmasking (p. 305)
    7.2.4 Masked AND Gate (p. 307)
    7.2.5 Random Switching Logic (p. 309)
    7.2.6 Threshold Implementation (p. 310)
  7.3 Higher–Level Countermeasures (p. 315)
    7.3.1 Algorithm–Level Countermeasures (p. 315)
    7.3.2 Architecture–Level Countermeasures (p. 320)
    7.3.3 Protocol–Level Countermeasure (p. 321)
  References (p. 322)

  • ISBN: 978-1-118-66001-0
  • Publisher: Wiley–Blackwell
  • Binding: Hardcover
  • Pages: 304
  • Publication date: 02/10/2015
  • Number of volumes: 1
  • Language: English