Correlation Power Analysis of Lightweight Block Ciphers: From Theory to Practice

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)


Side-Channel Analysis (SCA) represents a serious threat to the security of millions of smart devices that form part of the so-called Internet of Things (IoT). Choosing the “right” cryptographic primitive for the IoT is a highly challenging task due to the resource constraints of IoT devices and the variety of primitives. An important criterion to assess the suitability of a lightweight cipher with respect to SCA is the amount of leakage available to an adversary. In this paper, we analyze the efficiency of different selection functions that are commonly used in Correlation Power Analysis (CPA) attacks on symmetric primitives. To this end, we attacked implementations of the lightweight block ciphers AES, Fantomas, LBlock, Piccolo, PRINCE, RC5, Simon, and Speck on an 8-bit AVR processor. By exploring the relation between the nonlinearity of the studied selection functions and the measured leakages, we discovered some imperfections when using nonlinearity to quantify the resilience against CPA. Then, we applied these findings in an evaluation of the “intrinsic” CPA-resistance of unprotected implementations of the eight mentioned ciphers. We show that certain implementation aspects can influence the leakage level and try to explain why. Our results shed new light on the resilience of basic operations executed by these ciphers against CPA and help to bridge the gap between theory and practice.


CPA Selection function Leakage Nonlinearity 



We thank Yann Le Corre and André Stemper for their help with the measurement setup. The work of Daniel Dinu is supported by the CORE project ACRYPT (ID C12-15-4009992) funded by the Fonds National de la Recherche (FNR) Luxembourg.

Supplementary material


  1. 1.
    Banciu, V., Oswald, E., Whitnall, C.: Exploring the resilience of some lightweight ciphers against profiled single trace attacks. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2015. LNCS, vol. 9064, pp. 51–63. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  2. 2.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. IACR Cryptology ePrint Archive (2013)Google Scholar
  3. 3.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: SIMON and SPECK: Block Ciphers for the Internet of Things. In: NIST Lightweight Cryptography Workshop (2015)Google Scholar
  4. 4.
    Benoît, O., Peyrin, T.: Side-channel analysis of six SHA-3 candidates. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 140–157. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Bhasin, S., Graba, T., Danger, J.-L., Najm, Z.: A Look into SIMON from a side-channel perspective. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 56–59. IEEE (2014)Google Scholar
  6. 6.
    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE – A low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  7. 7.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Carlet, C.: On highly nonlinear S-boxes and their inability to thwart DPA attacks. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 49–62. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Chakraborty, K., Maitra, S., Sarkar, S., Mazumdar, B., Mukhopadhyay, D., Prouff, E.: Redefining the Transparency Order. Cryptology ePrint Archive, Report 2014/367 (2014)Google Scholar
  10. 10.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    CryptoLUX Team.FELICS – Fair Evaluation of Lightweight Cryptographic Systems (2015).
  12. 12.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES-The Advanced Encryption Standard. Springer Science & Business Media (2013)Google Scholar
  13. 13.
    Dinu, D., Le Corre, Y., Khovratovich, D., Perrin, L., Großschädl, J., Biryukov, A.: Triathlon of Lightweight Block Ciphers for the Internet of Things. Cryptology ePrint Archive, Report 2015/209 (2015).
  14. 14.
    Evans, D.: The Internet of Things: How the Next Evolution of the Internet is Changing Everything.Cisco IBSG white paper (2011).
  15. 15.
    Gérard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: how far can we go? In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 383–399. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  16. 16.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Grosso, V., Leurent, G., Standaert, F.-X., Varıcı, K.: LS-designs: Bitslice encryption for efficient masked software implementations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 18–37. Springer, Heidelberg (2015)Google Scholar
  18. 18.
    Guilley, S., Hoogvorst, P., Pacalet, R.: Differential power analysis model and some results. In: Quisquater, J.-J., et al. (eds.) CARDIS 2004. IFIP, vol. 153, pp. 127–142. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Guilley, S., Hoogvorst, P., Pacalet, R., Schmidt, J.: Improving side-channel attacks by exploiting substitution boxes properties. In: International Workshop on Boolean Functions: Cryptographyand Applications, pp. 1–25 (2007)Google Scholar
  20. 20.
    Journault, A., Standaert, F.-X., Varici, K.: Improving the Security and Efficiency of Block Ciphers based on LS-Designs. Designs, Codes and Cryptography (2016)Google Scholar
  21. 21.
    Joye, M., Olivier, F.: Side-channel analysis. In: Encyclopedia of Cryptography and Security, pp. 1198–1204 (2011)Google Scholar
  22. 22.
    Kasper, T., Oswald, D., Paar, C.: Sweet dreams and nightmares: security in the internet of things. In: Naccache, D., Sauveron, D. (eds.) WISTP 2014. LNCS, vol. 8501, pp. 1–9. Springer, Heidelberg (2014)Google Scholar
  23. 23.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  24. 24.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  25. 25.
    Lemke, K., Schramm, K., Paar, C.: DPA on n-bit sized boolean and arithmetic operations and its application to IDEA, RC6, and the HMAC-construction. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 205–219. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  26. 26.
    Mather, L., Oswald, E., Whitnall, C.: Multi-target DPA attacks: pushing DPA beyond the limits of a desktop computer. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 243–261. Springer, Heidelberg (2014)Google Scholar
  27. 27.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  28. 28.
    Matsui, M.: New block encryption algorithm MISTY. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 54–68. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  29. 29.
    NIST. Advanced Encryption Standard (AES). Federal Information Processing Standards Publication (FIPS) 197, 2001Google Scholar
  30. 30.
    Piret, G., Roche, T., Carlet, C.: PICARO – A block cipher allowing efficient higher-order side-channel resistance. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 311–328. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  31. 31.
    Prouff, E.: DPA attacks and S-boxes. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 424–441. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Rivest, R.L.: The RC5 encryption algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  33. 33.
    Selvam, R., Shanmugam, D., Annadurai, S.: Vulnerability analysis of PRINCE and RECTANGLE using CPA. In: ACM Workshop on Cyber-Physical System Security, pp. 81–87 (2015)Google Scholar
  34. 34.
    Shanmugam, D., Selvam, R., Annadurai, S.: Differential power analysis attack on SIMON and LED block ciphers. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds.) SPACE 2014. LNCS, vol. 8804, pp. 110–125. Springer, Heidelberg (2014)Google Scholar
  35. 35.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: An ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  36. 36.
    Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  37. 37.
    Wu, W., Zhang, L.: LBlock: A lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327–344. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  38. 38.
    Zohner, M., Kasper, M., Stöttinger, M.: Butterfly-attack on Skein’s modular addition. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 215–230. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  39. 39.
    Zohner, M., Kasper, M., Stöttinger, M., Huss, S.: Side channel analysis of the SHA-3 finalists. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1012–1017. IEEE (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.SnTUniversity of LuxembourgLuxembourgLuxembourg

Personalised recommendations