Side channel collision attack on TWINE-80 and DES with reduced masked rounds

Abstract

In this work, we present the rst side channel collision based key recovery attack on TWINE block cipher with 80-bit secret key and also present the improved version of the work done by Jongsung et al. in on DES.We focus on TWINE-80 security when the rst 7, 8 and 9-rounds of the cipher are masked. Our 7-masked round attack requires the lowest measurements (222:58) and can recover 12-bits of the secret key. In our 8-masked round attack, we can nd 24-bits of the secret key with 232:58 measurements whereas in our 9-masked round attack, we are able to nd 40-bits of the secret key information with 246:17 measurements. The fact that encryption and decryption functions of TWINE-80 are similar can be utilized to launch the above attacks when the last 7, 8 and 9 rounds of the cipher are masked. Thus, we show that at least 20 rounds of TWINE-80 need to be masked to ensure security against side channel leakage. The differential characteristics constructed to demonstrate our attacks are new and hitherto not been reported before for TWINE-80. In our work on DES, we improved the 7-round masked attack in using one more characteristic mentioned in and we recover full round 48-bit subkey of the rst round. The data complexity of our attack is 236:99. The time complexity is 236:99 measurements and 235:99 curve comparisons.