Combined Cache Timing Attacks and Template Attacks on Stream Cipher MUGI

  • Shaoyu DuEmail author
  • Zhenqi Li
  • Bin Zhang
  • Dongdai Lin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


The stream cipher MUGI was proposed by Hitachi, Ltd. in 2002 and it was specified as ISO/IEC 18033-4 for keystream generation. Assuming that noise-free cache timing measurements are possible, we give the cryptanalysis of MUGI under the cache attack model. Our simulation results show that we can reduce the computation complexity of recovering all the 1216-bits internal state of MUGI to about O(276) when it is implemented in processors with 64-byte cache line. The attack reveals some new inherent weaknesses of MUGI’s structure. The weaknesses can also be used to conduct a noiseless template attack of O(260.51) computation complexity to restore the state of MUGI. And then combining these two attacks we can conduct a key-recovery attack on MUGI with about O(230) computation complexity. To the best of our knowledge, it is the first time that the analysis of cache timing attacks and template attacks are applied to full version of MUGI and that these two classes of attacks are combined to attack some cipher. Moreover, the combination can be used to improve the error-tolerance capability of each attack. If each measurement has one additional error, the key-recovery attack will take about O(250) computation complexity.


Stream cihper MUGI analytical side-channel attacks cache timing attacks template attacks 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Zenner, E.: A cache timing analysis of HC-256. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 199–213. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Berstein, D.: Cache timing attacks on AES (2005),
  3. 3.
    Osvik, D., Shmir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES (2005),
  4. 4.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Neve, M., Seifert, J., Wang, Z.: A refined look at Bersein’s AES side-channel analysis. In: Proc. ASIACCS 2006, p. 369. ACM, New York (2006)Google Scholar
  6. 6.
    Bonneau, J., Mironov, I.: Cache-collision timing attacks against AES. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., Eisenbarth, T., Paar, C., Wienecke, M.: Differential cache-collision timing attacks on AES with applications to embedded CPUs. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 235–251. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Blömer, J., Krummel, V.: Analysis of countermeasures against access driven cache attacks on AES. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 96–109. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Gregor, L., Erik, Z., Philip, H.: Cache timing analysis of LFSR-Based stream ciphers. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 433–445. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Watanabe, D., Furuya, S., Yoshida, H., Takaragi, K., Preneel, B.: A new keystream generator MUGI. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 179–194. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Golić, J.D.: A weakness of the linear part of stream cipher MUGI. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 178–192. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Biryukov, A., Shamir, A.: Analysis of the non-linear part of MUGI. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 320–329. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Matt, H., Ed, D.: Rekeying issues in the MUGI stream cipher. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 175–188. Springer, Heidelberg (2006)Google Scholar
  14. 14.
    Takahashi, J., Fukunaga, T., Sakiyama, K.: Fault analysis of stream cipher MUGI. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 420–434. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  15. 15.
    Paul, G., Raizada, S.: Impact of extending side channel attack on cihper variants: A case study with the HC series of stream ciphers. In: Bogdanov, A., Sanadhya, S. (eds.) SPACE 2012. LNCS, vol. 7644, pp. 32–44. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Suresh, C., Josyula, R., Pankaj, R.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Archambeau, C., Peeters, E., Standaert, F., Quisquater, J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Shize, G., Xinjie, Z., Fan, Z., Tao, W., Shi, Z., Standaert, F., Chujiao, M.: Exploiting the incomplete diffusion feature: A specialized analytical side-channel attack against the AES and its application to microcontroller implementations. IEEE Transactions on Information Forensics and Security 9(6), 999–1014 (2014)CrossRefGoogle Scholar
  19. 19.
    Standaert, F., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Fouque, P.-A., Leurent, G., Réal, D., Valette, F.: Practical electromagnetic template attack on HMAC. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 66–80. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Brumley, B.B., Hakala, R.M.: Cache-timing template attacks. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 667–684. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Choudary, O., Kuhn, M.G.: Efficient template attacks. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 253–270. Springer, Heidelberg (2014)Google Scholar
  23. 23.
    Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 393–410. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Itai, D.: Generic analysis of small cryptographic leaks. In: FDTC (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Shaoyu Du
    • 1
    • 4
    Email author
  • Zhenqi Li
    • 1
  • Bin Zhang
    • 1
    • 2
  • Dongdai Lin
    • 3
  1. 1.Trusted Computing and Information Assurance Laboratory, Institute of SoftwareChinese Academy of SciencesBeijingChina
  2. 2.State Key Laboratory of Computer Science, Institute of SoftwareChinese Academy of SciencesBeijingChina
  3. 3.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  4. 4.University of Chinese Academy of SciencesBeijingChina

Personalised recommendations