On the Security of NOEKEON against Side Channel Cube Attacks

  • Shekh Faisal Abdul-Latip
  • Mohammad Reza Reyhanitabar
  • Willy Susilo
  • Jennifer Seberry
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6047)


In this paper, we investigate the security of the NOEKEON block cipher against side channel cube attacks. NOEKEON was proposed by Daemen et al. for the NESSIE project. The block size and the key size are both 128 bits. The cube attack, introduced by Dinur and Shamir at EUROCRYPT 2009, is a new type of algebraic cryptanalysis. The attack may be applied if the adversary has access to a single bit of information that can be represented by a low degree multivariate polynomial over GF(2) of secret and public variables. In the side channel attack model, the attacker is assumed to have access to some leaked information about the internal state of the cipher as well as the plaintext and ciphertext. Adopting the notion of a single bit leakage as formalized by Dinur and Shamir, we assume that the attacker has only one bit of information about the intermediate state after each round. Using this side channel attack model, we show that it is possible to extract 60 independent linear equations over 99 (out of 128) key variables. To recover the whole 128-bit key, the attack requires only about 210 chosen plaintext and O(268) time complexity.


Algebraic cryptanalysis block ciphers cube attacks NOEKEON side channel attacks 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R., Biham, B., Knudsen, L.: Serpent: A Proposal for the Advanced Encryption Standard. In: First Advanced Encryption Standard (AES) Conference (1998)Google Scholar
  2. 2.
    Aumasson, J.-P., Dinur, I., Meier, W., Shamir, A.: Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium. In: Dunkelman, O. (ed.) Fast Software Encryption. LNCS, vol. 5665, pp. 1–22. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 229–246. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Blum, M., Luby, M., Rubinfield, R.: Self-Testing/Correcting with Application to Numerical Problems. In: STOC, pp. 73–83. ACM, New York (1990)Google Scholar
  5. 5.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    De Cannière, C., Preneel, B.: TRIVIUM. In: Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael. Technical Evaluation, CD-1: Documentation (1998)Google Scholar
  8. 8.
    Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: Nessie Proposal: NOEKEON. In: First Open NESSIE Workshop (2000), http://gro.noekeon.org
  9. 9.
    Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Dinur, I., Shamir, A.: Side Channel Cube Attacks on Block Ciphers. Cryptology ePrint Archive, Report 2009/127 (2009), http://eprint.iacr.org/2009/127
  11. 11.
    Fraenkel, A.S., Yesha, Y.: Complexity of Problems in Games, Graphs, and Algebraic Equations. Discr. Appl. Math. 1, 15–30 (1979)MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Mamiya, H., Miyaji, A., Morimoto, H.: Efficient Countermeasures against RPA, DPA, and SPA. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 243–319. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Mangard, S.: Hardware countermeasures against DPA – A statistical analysis of their effectiveness. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 222–235. Springer, Heidelberg (2004)Google Scholar
  14. 14.
    Rivest, R., Agre, B., Bailey, D.V., Crutchfield, C., Dodis, Y., Fleming, K.E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y.L.: The MD6 Hash Function - A Proposal to NIST for SHA-3, http://groups.csail.mit.edu/cis/md6/
  15. 15.
    Yang, L., Wang, M., Qiao, S.: Side Channel Cube Attack on PRESENT. In: Miyaji, A., Echizen, I., Okamoto, T. (eds.) CANS 2009. LNCS, vol. 5888, pp. 379–391. Springer, Heidelberg (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Shekh Faisal Abdul-Latip
    • 1
    • 2
  • Mohammad Reza Reyhanitabar
    • 1
  • Willy Susilo
    • 1
  • Jennifer Seberry
    • 1
  1. 1.Center for Computer and Information Security Research, School of Computer Science and Software EngineeringUniversity of WollongongAustralia
  2. 2.Faculty of Information and Communication TechnologyUniversiti Teknikal Malaysia MelakaMalaysia

Personalised recommendations