Consecutive S-box lookups: A timing attack on SNOW 3G

Billy Bob Brumley, Risto M. Hakala, Kaisa Nyberg, Sampo Sovio

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Scientific; peer-review

13 Citations (Scopus)

Abstract

We present a cache-timing attack on the SNOW 3G stream cipher. The attack has extremely low complexity and we show it is capable of recovering the full cipher state from empirical timing data in a matter of seconds, requiring no known keystream and only observation of a small number of cipher clocks. The attack exploits the cipher using the output from an S-box as input to another S-box: we show that the corresponding cache-timing data almost uniquely determines said S-box input. We mention other ciphers with similar structure where this attack applies, such as the K2 cipher currently under standardization consideration by ISO. Our results yield new insights into the secure design and implementation of ciphers with respect to side-channels. We also give results of a bit-slice implementation as a countermeasure.

Original language: English
Title of host publication: Information and Communications Security - 12th International Conference, ICICS 2010, Proceedings
Pages: 171-185
Number of pages: 15
Publication status: Published - 1 Dec 2010
Externally published: Yes
Publication type: A4 Article in conference proceedings
Event: 2010 International Conference on Information and Communications Security, ICICS 2010 - Barcelona, Spain
Duration: 15 Dec 2010 to 17 Dec 2010

Publication series

Name: Lecture Notes in Computer Science
Volume: 6476
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 2010 International Conference on Information and Communications Security, ICICS 2010
Country/Territory: Spain
City: Barcelona
Period: 15/12/10 to 17/12/10

Keywords

  • cache-timing attacks
  • side-channel attacks
  • stream ciphers

Publication forum classification

  • Publication forum level 1

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)
