Consecutive S-box lookups: A timing attack on SNOW 3G

Billy Bob Brumley, Risto M. Hakala, Kaisa Nyberg, Sampo Sovio

Tutkimustuotos: KonferenssiartikkeliScientificvertaisarvioitu

13 Sitaatiot (Scopus)


We present a cache-timing attack on the SNOW 3G stream cipher. The attack has extremely low complexity and we show it is capable of recovering the full cipher state from empirical timing data in a matter of seconds, requiring no known keystream and only observation of a small number of cipher clocks. The attack exploits the cipher using the output from an S-box as input to another S-box: we show that the corresponding cache-timing data almost uniquely determines said S-box input. We mention other ciphers with similar structure where this attack applies, such as the K2 cipher currently under standardization consideration by ISO. Our results yield new insights into the secure design and implementation of ciphers with respect to side-channels. We also give results of a bit-slice implementation as a countermeasure.

OtsikkoInformation and Communications Security - 12th International Conference, ICICS 2010, Proceedings
DOI - pysyväislinkit
TilaJulkaistu - 1 jouluk. 2010
Julkaistu ulkoisestiKyllä
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
Tapahtuma2010 International Conference on Information and Communications Security, ICICS 2010 - Barcelona, Espanja
Kesto: 15 jouluk. 201017 jouluk. 2010


NimiLecture Notes in Computer Science
ISSN (painettu)0302-9743
ISSN (elektroninen)1611-3349


Conference2010 International Conference on Information and Communications Security, ICICS 2010


  • Jufo-taso 1

!!ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Sukella tutkimusaiheisiin 'Consecutive S-box lookups: A timing attack on SNOW 3G'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä