Cache timing attack on SMS4

ZHAO Xin-jie; WANG Tao; ZHENG Yuan-yuan

Tongxin xuebao (Jan 2010)

Cache timing attack on SMS4

ZHAO Xin-jie,
WANG Tao,
ZHENG Yuan-yuan

Affiliations

ZHAO Xin-jie
WANG Tao
ZHENG Yuan-yuan

Journal volume & issue: Vol. 31
pp. 89 – 98

Abstract

Read online

Two access driven Cache timing analysis methods on both first four rounds and last four rounds of SMS4 encryption were proposed and discussed.On the precondition of not interfering SMS4 encryption,a spy process was designed to gather the un-accessed lookup table related Cache sets during first four rounds and last four rounds of SMS4 encryption,then transferred them into impossible lookup table indices,combing plaintext or cipher text to analyze the impossible key byte candidates,finally the initial SMS4 key was recovered.Experiment results demonstrate that multi-process sharing Cache space feature and SMS4 lookup table structure decide that SMS4 is vulnerable to Cache timing attack,for about 80 samples are enough to recover full 128bit SMS4 key during both first four rounds attack and last four rounds attack,so it’s necessary to take certain countermeasures to prevent this kind of attack.

SMS4;access driven;Cache timing attack;Cache set;table lookup index

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords