Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists

Corentin Verhamme; Gaëtan Cassiers; François-Xavier Standaert

doi:10.1007/978-3-031-25319-5_15

Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists

Corentin Verhamme^*, Gaëtan Cassiers, François-Xavier Standaert

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

We investigate the security of the NIST Lightweight Crypto Competition’s Finalists against side-channel attacks. We start with a mode-level analysis that allows us to put forward three candidates (Ascon, ISAP and Romulus-T) that stand out for their leakage properties and do not require a uniform protection of all their computations thanks to (expensive) implementation-level countermeasures. We then implement these finalists and evaluate their respective performances. Our results confirm the interest of so-called leveled implementations (where only the key derivation and tag generation require security against differential power analysis). They also suggest that these algorithms differ more by their qualitative features (e.g., two-pass designs to improve confidentiality with decryption leakage vs. one-pass designs, flexible overheads thanks to masking vs. fully mode-level, easier to implement, schemes) than by their quantitative features, which all improve over the AES and are quite sensitive to security margins against cryptanalysis.

Original language	English
Title of host publication	Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers
Editors	Ileana Buhan, Tobias Schneider
Publisher	Springer, Cham
Pages	290-308
Number of pages	19
ISBN (Electronic)	978-3-031-25319-5
ISBN (Print)	978-3-031-25318-8
DOIs	https://doi.org/10.1007/978-3-031-25319-5_15
Publication status	Published - 29 Jan 2023
Event	21st International Conference on Smart Card Research and Advanced Applications: CARDIS 2022 - Birmingham, United Kingdom Duration: 27 Nov 2022 → 29 Nov 2022 https://events.cs.bham.ac.uk/cardis2022/

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13820 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Smart Card Research and Advanced Applications
Country/Territory	United Kingdom
City	Birmingham
Period	27/11/22 → 29/11/22
Internet address	https://events.cs.bham.ac.uk/cardis2022/

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-25319-5_15

https://dblp.org/rec/conf/cardis/VerhammeCS22

Cite this

Verhamme, C., Cassiers, G., & Standaert, F-X. (2023). Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists. In I. Buhan, & T. Schneider (Eds.), Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers (pp. 290-308). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13820 LNCS). Springer, Cham. https://doi.org/10.1007/978-3-031-25319-5_15

Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists. / Verhamme, Corentin; Cassiers, Gaëtan; Standaert, François-Xavier.

Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. ed. / Ileana Buhan; Tobias Schneider. Springer, Cham, 2023. p. 290-308 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13820 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Verhamme, C, Cassiers, G & Standaert, F-X 2023, Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists. in I Buhan & T Schneider (eds), Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13820 LNCS, Springer, Cham, pp. 290-308, 21st International Conference on Smart Card Research and Advanced Applications, Birmingham, United Kingdom, 27/11/22. https://doi.org/10.1007/978-3-031-25319-5_15

Verhamme C, Cassiers G, Standaert F-X. Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists. In Buhan I, Schneider T, editors, Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. Springer, Cham. 2023. p. 290-308. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-25319-5_15

Verhamme, Corentin ; Cassiers, Gaëtan ; Standaert, François-Xavier. / Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists. Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. editor / Ileana Buhan ; Tobias Schneider. Springer, Cham, 2023. pp. 290-308 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d06ab803f8e44ea4aa4a9c3b9d5c5eee,

title = "Analyzing the Leakage Resistance of the NIST{\textquoteright}s Lightweight Crypto Competition{\textquoteright}s Finalists",

abstract = "We investigate the security of the NIST Lightweight Crypto Competition{\textquoteright}s Finalists against side-channel attacks. We start with a mode-level analysis that allows us to put forward three candidates (Ascon, ISAP and Romulus-T) that stand out for their leakage properties and do not require a uniform protection of all their computations thanks to (expensive) implementation-level countermeasures. We then implement these finalists and evaluate their respective performances. Our results confirm the interest of so-called leveled implementations (where only the key derivation and tag generation require security against differential power analysis). They also suggest that these algorithms differ more by their qualitative features (e.g., two-pass designs to improve confidentiality with decryption leakage vs. one-pass designs, flexible overheads thanks to masking vs. fully mode-level, easier to implement, schemes) than by their quantitative features, which all improve over the AES and are quite sensitive to security margins against cryptanalysis.",

author = "Corentin Verhamme and Ga{\"e}tan Cassiers and Fran{\c c}ois-Xavier Standaert",

note = "DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.; 21st International Conference on Smart Card Research and Advanced Applications : CARDIS 2022 ; Conference date: 27-11-2022 Through 29-11-2022",

year = "2023",

month = jan,

day = "29",

doi = "10.1007/978-3-031-25319-5_15",

language = "English",

isbn = "978-3-031-25318-8",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer, Cham",

pages = "290--308",

editor = "Ileana Buhan and Tobias Schneider",

booktitle = "Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers",

url = "https://events.cs.bham.ac.uk/cardis2022/",

}

TY - GEN

T1 - Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists

AU - Verhamme, Corentin

AU - Cassiers, Gaëtan

AU - Standaert, François-Xavier

N1 - DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2023/1/29

Y1 - 2023/1/29

N2 - We investigate the security of the NIST Lightweight Crypto Competition’s Finalists against side-channel attacks. We start with a mode-level analysis that allows us to put forward three candidates (Ascon, ISAP and Romulus-T) that stand out for their leakage properties and do not require a uniform protection of all their computations thanks to (expensive) implementation-level countermeasures. We then implement these finalists and evaluate their respective performances. Our results confirm the interest of so-called leveled implementations (where only the key derivation and tag generation require security against differential power analysis). They also suggest that these algorithms differ more by their qualitative features (e.g., two-pass designs to improve confidentiality with decryption leakage vs. one-pass designs, flexible overheads thanks to masking vs. fully mode-level, easier to implement, schemes) than by their quantitative features, which all improve over the AES and are quite sensitive to security margins against cryptanalysis.

AB - We investigate the security of the NIST Lightweight Crypto Competition’s Finalists against side-channel attacks. We start with a mode-level analysis that allows us to put forward three candidates (Ascon, ISAP and Romulus-T) that stand out for their leakage properties and do not require a uniform protection of all their computations thanks to (expensive) implementation-level countermeasures. We then implement these finalists and evaluate their respective performances. Our results confirm the interest of so-called leveled implementations (where only the key derivation and tag generation require security against differential power analysis). They also suggest that these algorithms differ more by their qualitative features (e.g., two-pass designs to improve confidentiality with decryption leakage vs. one-pass designs, flexible overheads thanks to masking vs. fully mode-level, easier to implement, schemes) than by their quantitative features, which all improve over the AES and are quite sensitive to security margins against cryptanalysis.

UR - http://www.scopus.com/inward/record.url?scp=85148029909&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-25319-5_15

DO - 10.1007/978-3-031-25319-5_15

M3 - Conference paper

SN - 978-3-031-25318-8

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 290

EP - 308

BT - Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers

A2 - Buhan, Ileana

A2 - Schneider, Tobias

PB - Springer, Cham

T2 - 21st International Conference on Smart Card Research and Advanced Applications

Y2 - 27 November 2022 through 29 November 2022

ER -

Analyzing the Leakage Resistance of the NIST’s Lightweight Crypto Competition’s Finalists

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this