Combined Cache Timing Attacks and Template Attacks on Stream Cipher MUGI
The stream cipher MUGI was proposed by Hitachi, Ltd. in 2002 and is specified in ISO/IEC 18033-4 for keystream generation. Assuming that noise-free cache timing measurements are possible, we give a cryptanalysis of MUGI under the cache attack model. Our simulation results show that the computational complexity of recovering the full 1216-bit internal state of MUGI can be reduced to about O(2^76) when the cipher is implemented on processors with 64-byte cache lines. The attack reveals new inherent weaknesses in MUGI's structure. These weaknesses can also be used to mount a noiseless template attack that restores the state of MUGI with about O(2^60.51) computational complexity. Combining the two attacks then yields a key-recovery attack on MUGI with about O(2^30) computational complexity. To the best of our knowledge, this is the first time that cache timing attacks and template attacks have been applied to the full version of MUGI, and the first time these two classes of attacks have been combined against a cipher. Moreover, the combination improves the error tolerance of each attack: if each measurement contains one additional error, the key-recovery attack still takes only about O(2^50) computational complexity.
Keywords: Stream cipher MUGI; analytical side-channel attacks; cache timing attacks; template attacks
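The abstract's complexity figures depend on the cache attack model: with a 64-byte cache line, a table lookup reveals only which line was touched, i.e. the high bits of the index, and the low bits have to be searched. The following added example (not code from the paper, and not a statement about any particular MUGI implementation) makes that model concrete. It assumes a contiguous, line-aligned table with 256 entries of a constructed width, and an attacker who observes, noise-free and per lookup, exactly one cache line number; from that it derives how many index bits each lookup leaks and how large the search space left for a 64-bit word is.

```python
"""Noise-free cache-line leakage model for a byte-indexed lookup table.

Added example, not the paper's code.  Assumptions (constructed): a
256-entry table with ENTRY_BYTES-byte entries is contiguous and aligned to
LINE_BYTES-byte cache lines, and for every lookup the attacker learns the
index of the cache line touched (trace-driven, noise-free) and nothing else.
"""

LINE_BYTES = 64   # cache line size considered in the abstract
INDEX_BITS = 8    # one byte of index -> 256-entry table


def entries_per_line(entry_bytes, line_bytes=LINE_BYTES):
    """How many table entries share one cache line."""
    if line_bytes % entry_bytes:
        raise ValueError("entries must not straddle cache lines")
    return line_bytes // entry_bytes


def leaked_line(index, entry_bytes, line_bytes=LINE_BYTES):
    """What the attacker observes for one lookup: the line number only."""
    return index // entries_per_line(entry_bytes, line_bytes)


def leaked_bits(entry_bytes, line_bytes=LINE_BYTES, index_bits=INDEX_BITS):
    """Index bits the line number reveals (the high bits); the rest stay unknown."""
    epl = entries_per_line(entry_bytes, line_bytes)
    return index_bits - (epl.bit_length() - 1)   # bit_length()-1 == log2 for a power of two


def candidates(observed_line, entry_bytes, line_bytes=LINE_BYTES):
    """All table indices consistent with one observed line number."""
    epl = entries_per_line(entry_bytes, line_bytes)
    return range(observed_line * epl, (observed_line + 1) * epl)


def observe(secret_indices, entry_bytes, line_bytes=LINE_BYTES):
    """Simulate the measurement: one line number per lookup, in lookup order."""
    return [leaked_line(i, entry_bytes, line_bytes) for i in secret_indices]


def remaining_search_space(n_lookups, entry_bytes, line_bytes=LINE_BYTES):
    """log2 of the candidate space left after n_lookups independent lookups."""
    unknown = INDEX_BITS - leaked_bits(entry_bytes, line_bytes)
    return unknown * n_lookups


if __name__ == "__main__":
    # Constructed secret: eight byte indices, i.e. the lookups for one 64-bit word.
    secret = [0x3a, 0xf1, 0x07, 0x80, 0x5c, 0xc3, 0x29, 0xee]
    for entry_bytes in (4, 8):
        trace = observe(secret, entry_bytes)
        print(f"{entry_bytes}-byte entries: {leaked_bits(entry_bytes)} of 8 index bits leak per lookup, "
              f"2^{remaining_search_space(len(secret), entry_bytes)} candidates left for the word")
        # Sanity check of the model: the true index is always among the candidates.
        for s, line in zip(secret, trace):
            assert s in candidates(line, entry_bytes)
```

With 4-byte entries (16 per line) each lookup leaks 4 of 8 index bits, so a word built from eight lookups still has 2^32 candidates; with 8-byte entries (8 per line) 5 bits leak and 2^24 remain. The per-lookup residue is what the abstract's O(2^76) state-recovery figure has to absorb across the 1216-bit state, and it is why a second, differently shaped leakage (the template attack) can cut the combined cost to O(2^30).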