Differential Power Analysis of HMAC SHA-1 and HMAC SHA-2 in the Hamming Weight Model

  • Sonia Belaïd
  • Luk Bettale
  • Emmanuelle Dottax
  • Laurie Genelle
  • Franck Rondepierre
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 554)

Abstract

Like any algorithm manipulating secret data, HMAC is potentially vulnerable to side channel attacks. In 2004, Lemke et al. fully described a differential power attack on HMAC with RIPEMD-160 in the Hamming weight leakage model, and mentioned a possible extension to SHA-1. Later, in 2007, McEvoy et al. proposed an attack against HMAC with hash functions from the SHA-2 family that works in the Hamming distance leakage model. This attack makes strong assumptions about the target implementation. In this paper, we present an attack on HMAC SHA-2 in the Hamming weight leakage model, which has the advantage that it can be used when no information is available on the targeted implementation. Furthermore, we give a full description of an extension of this attack to HMAC SHA-1. We also provide a careful study of the protections to develop in order to minimize the impact of security on performance.

Keywords

HMAC; Side channel analysis; Differential power analysis; Hamming weight; SHA-1; SHA-2

Notes

Acknowledgements

The authors wish to thank Christophe Giraud for helpful discussions, and anonymous referees of a previous version of this work for their valuable comments.

References

  1. Arkko, J., Haverinen, H.: RFC 4187: Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA) (2006)
  2. Belaïd, S., Bettale, L., Dottax, E., Genelle, L., Rondepierre, F.: Differential power analysis of HMAC SHA-2 in the Hamming weight model. In: Samarati, P. (ed.) SECRYPT, SECRYPT is Part of ICETE - The International Joint Conference on e-Business and Telecommunications, pp. 230–241. SciTePress, USA (2013)
  3. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
  4. Bertoni, G., Daemen, J., Debande, N., Le, T.H., Peeters, M., Van Assche, G.: Power Analysis of Hardware Implementations Protected with Secret Sharing. IACR Cryptology ePrint Archive Report 2013/67 (2013). http://eprint.iacr.org/2013/67. A preliminary version appeared at MICROW’12 [5]
  5. Bertoni, G., Daemen, J., Debande, N., Le, T.H., Peeters, M., Van Assche, G.: Power analysis of hardware implementations protected with secret sharing. In: 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops (MICROW), pp. 9–16. IEEE Computer Society (2012)
  6. Bettale, L., Dottax, E., Genelle, L., Piret, G.: Collision-correlation attack against a first-order masking scheme for MAC based on SHA-3. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 129–143. Springer, Heidelberg (2014)
  7. Chari, S., Rao, J., Rohatgi, P.: Template attacks. In: Kaliski Jr., B., Koç, Ç., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002. LNCS, vol. 2523, pp. 13–29. Springer, Heidelberg (2002)
  8. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)
  9. FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC). National Institute of Standards and Technology, July 2008
  10. Fouque, P.-A., Leurent, G., Réal, D., Valette, F.: Practical electromagnetic template attack on HMAC. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 66–80. Springer, Heidelberg (2009)
  11. Gauravaram, P., Okeya, K.: An update on the side channel cryptanalysis of MACs based on cryptographic hash functions. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 393–403. Springer, Heidelberg (2007)
  12. Gauravaram, P., Okeya, K.: Side channel analysis of some hash based MACs: a response to SHA-3 requirements. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 111–127. Springer, Heidelberg (2008)
  13. Golić, J.D.: Techniques for random masking in hardware. IEEE Trans. Circ. Syst. I 54(2), 291–300 (2007)
  14. Haverinen, H., Salowey, J.: RFC 4186: Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM) (2006)
  15. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  16. Lemke, K., Schramm, K., Paar, C.: DPA on n-bit sized Boolean and arithmetic operations and its application to IDEA, RC6, and the HMAC-Construction. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 205–219. Springer, Heidelberg (2004)
  17. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smartcards. Springer, US (2007)
  18. McEvoy, R., Tunstall, M., Murphy, C.C., Marnane, W.P.: Differential power analysis of HMAC based on SHA-2, and countermeasures. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 317–332. Springer, Heidelberg (2008)
  19. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
  20. Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)
  21. Okeya, K.: Side channel attacks against HMACs based on block-cipher based hash functions. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 432–443. Springer, Heidelberg (2006)
  22. Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009)
  23. Taha, M., Schaumont, P.: Side-channel analysis of MAC-Keccak. In: IEEE International Symposium on Hardware-Oriented Security and Trust - HOST 2013. IEEE Computer Society (2013)
  24. Zhang, F., Shi, Z.J.: Differential and correlation power analysis attacks on HMAC-Whirlpool. In: ITNG 2011, pp. 359–365. IEEE Computer Society (2011)
  25. Zohner, M., Kasper, M., Stöttinger, M., Huss, S.A.: Side channel analysis of the SHA-3 finalists. In: Rosenstiel, W., Thiele, L. (eds.) Design, Automation & Test in Europe Conference & Exhibition, DATE 2012, pp. 1012–1017. IEEE Computer Society, USA (2012)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Sonia Belaïd (2, 3)
  • Luk Bettale (1)
  • Emmanuelle Dottax (1)
  • Laurie Genelle (1)
  • Franck Rondepierre (1)

  1. Oberthur Technologies, Colombes, France
  2. École Normale Supérieure, Paris, France
  3. Thales Communications and Security, Gennevilliers, France