MODELING SIDE-CHANNEL LEAKAGES FOR THE CRYPTOGRAPHIC ALGORITHMS "MAGMA" AND "KUZNACHIK" BASED ON THE ELMO EMULATOR

Authors

  • V.O. Malyavina
  • E.A. Maro

Abstract

Analyzing how well implementations of information security tools resist side-channel attacks
is a relevant task in the development of cryptographic modules. The first stage in studying side-channel
resistance is assessing whether statistical leaks are present in various parameters of device
operation during the execution of cryptographic algorithms. The universal source, assessed as a
side channel, is the energy consumption of the device during cryptographic operations. In
this research the ELMO tool was used to obtain power consumption traces for the Magma and Kuznyechik
encryption algorithms and to identify the instructions that contain statistical power consumption leaks
for these algorithms. To model the power consumption traces, the GOST R 34.12-2015 encryption algorithm
(n=64 Magma and n=128 Kuznyechik) was implemented in C in ELMO. The full-round versions of the
Magma and Kuznyechik encryption algorithms consist of 15,400 instructions (of which 4,450 instructions
contain a potential leakage in energy consumption) and 7,167 instructions (of which 4,833 instructions
contain a potential leakage in energy consumption), respectively. The side channel (corresponding to the
processed data) can be identified using a statistical t-test. To perform this task, two independent sets of
device energy consumption traces are formed: traces with a fixed value of the input vectors and traces
with arbitrary (not coinciding with the fixed) values of the input vectors. Power consumption leaks were
modeled for different numbers of Magma and Kuznyechik encryption rounds based on the statistical t-test.
The instructions containing the maximal statistical dependence based on the conducted testing were
determined. For the Magma cipher, the instructions added r3,r4,r3 and ldrb r3,[r3,r1] were identified;
for the Kuznyechik cipher, lsls r5,r3,#0x0 and str r7,[r3,#0x20000888]. The identified instructions
are optimal for subsequent differential or correlation attacks on power consumption on the encryption
algorithms under research.
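
The fixed-versus-random t-test described in the abstract, as an added example that is not the authors' code: it computes Welch's t statistic per trace point and reports the points whose |t| exceeds a bound. Assumptions: the 4.5 bound (a common leakage-assessment convention, not stated in the abstract), the helper names, and the constructed Hamming-weight toy traces that stand in for ELMO output.

```python
import math
import random

THRESHOLD = 4.5  # assumption: common leakage-assessment bound, not from the abstract

def welch_t(a, b):
    """Welch's t statistic for two independent samples with unequal variances."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    denom = math.sqrt(va / na + vb / nb)
    return 0.0 if denom == 0 else (ma - mb) / denom

def leaky_points(fixed_traces, random_traces, threshold=THRESHOLD):
    """Return {trace point index: t} for points where |t| exceeds the threshold."""
    result = {}
    for i in range(len(fixed_traces[0])):
        t = welch_t([tr[i] for tr in fixed_traces],
                    [tr[i] for tr in random_traces])
        if abs(t) > threshold:
            result[i] = t
    return result

def simulate_trace(byte, rng, n_points=8, leak_at=(2, 5)):
    """Constructed toy model: points in leak_at draw power proportional to the
    Hamming weight of the input byte; all other points are data-independent."""
    hw = bin(byte).count("1")
    return [(hw if i in leak_at else 4.0) + rng.gauss(0, 1.0)
            for i in range(n_points)]

def demo(n=2000, seed=1):
    rng = random.Random(seed)
    fixed_input = 0x00  # fixed set: the same input value for every trace
    fixed = [simulate_trace(fixed_input, rng) for _ in range(n)]
    # random set: arbitrary inputs that never coincide with the fixed one
    rand = [simulate_trace(rng.randrange(1, 256), rng) for _ in range(n)]
    return leaky_points(fixed, rand)

if __name__ == "__main__":
    for idx, t in sorted(demo().items()):
        print(f"point {idx}: t = {t:+.1f}")
```

With real ELMO output, each trace point corresponds to one executed instruction, so the returned indices map directly to instructions in the assembly trace.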

Published

2024-11-10

Section

SECTION II. DATA ANALYSIS AND MODELING