부산대학교 도서관

Side Channel Analysis (SCA) is among the newly emerged threats to small scale devices performing a cryptographic operation. While such analysis is well studied against the block ciphers, we observe that the stream cipher counterpart is not that much explored. We propose novel modelling that can work with a number of stream ciphers and related constructions. We show practical state/key recovery attacks on the lightweight ciphers, LIZARD, PLANTLET and GRAIN-128-AEAD. We consider the software platform (where the Hamming weight leakage is available) as well as the hardware platform (where the Hamming distance leakage is available). Through the modelling of Satisfiability Modulo Theory (SMT), we show that the solution can be obtained in a matter of seconds in most cases. In a handful of cases, however, the entire state/key recovery is not feasible in a practical amount of time. For those cases, we show full recovery is possible when a small number of bits are guessed. We also study the effect of increasing/decreasing the number of keystream bits on the solution time. Following a number of literature, we initially assume the traces that are obtained are noiseless. Later, we show how an extension of our model can deal with the noisy traces (which is a more general assumption).