Side-Channel Analysis of Six SHA-3 Candidates

  • Olivier Benoît
  • Thomas Peyrin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)


In this paper we study six second-round SHA-3 candidates from a side-channel cryptanalysis point of view. For each of them, we give the exact attack procedure and the appropriate choice of selection functions. Depending on their inherent structure and the internal primitives used (Sbox, addition or XOR), some schemes are more prone to side-channel analysis than others, as shown by our simulations.


Keywords: side-channel, hash function, cryptanalysis, HMAC, SHA-3



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Olivier Benoît, Ingenico, France
  • Thomas Peyrin, Ingenico, France
