Single-Trace Attacks on Keccak

  • Matthias J. Kannwischer Radboud University, Nijmegen, The Netherlands
  • Peter Pessl Graz University of Technology, Austria
  • Robert Primas Graz University of Technology, Austria
Keywords: keccak, side-channel attacks, power analysis, single-trace attacks, belief propagation, post-quantum cryptography

Abstract

Since its selection as the winner of the SHA-3 competition, Keccak, with all its variants, has found a large number of applications. It is, for instance, a common building block in schemes submitted to NIST’s post-quantum cryptography project. In many of these applications, Keccak processes ephemeral secrets. In such a setting, side-channel adversaries are limited to a single observation, meaning that differential attacks are inherently prevented. If, however, such a single trace of Keccak can already be sufficient for key recovery has so far been unknown.
In this paper, we change the above by presenting the first single-trace attack targeting Keccak. Our method is based on soft-analytical side-channel attacks and, thus, combines template matching with message passing in a graphical model of the attacked algorithm. As a straight-forward model of Keccak does not yield satisfactory results, we describe several optimizations for the modeling and the message-passing algorithm. Their combination allows attaining high attack performance in terms of both success rate as well as computational runtime.
We evaluate our attack assuming generic software (microcontroller) targets and thus use simulations in the generic noisy Hamming-weight leakage model. Hence, we assume relatively modest profiling capabilities of the adversary. Nonetheless, the attack can reliably recover secrets in a large number of evaluated scenarios at realistic noise levels. Consequently, we demonstrate the need for countermeasures even in settings where DPA is not a threat.

Published
2020-06-19
How to Cite
Kannwischer, M. J., Pessl, P., & Primas, R. (2020). Single-Trace Attacks on Keccak. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(3), 243-268. https://doi.org/10.13154/tches.v2020.i3.243-268
Section
Articles