KUZNYECHIK” Optimized Implementations on FPGA and Microcontrollers and Their DPA Analysis Resistance

ФГУП «НПП «Гамма»

“KUZNYECHIK” Optimized Implementations on FPGA and Microcontrollers and their DPA Analysis Resistance

Cédric DELAUNAY, ESIEA, (C + V) ^ O Lab, France Делоне Седрик, ESIEA, (C+V)^O Lab, Франция

Alexander Alexandrovich ISTOMIN, “NPP “GAMMA”, Russia Истомин Александр Александрович, ФГУП «НПП «ГАММА», Россия Eric FILIOL, ESIEA, (C + V) ^ O Lab, Laval, France Фийол Эрик, ESIEA, (C+V)^O Lab, Лаваль, Франция XXI - RUSCRYPTO 2019 20.03.2019 COOPERATION / КООПЕРАЦИЯ 20.03.2019

ESIEA FSUE “SIE “GAMMA”

(C + V) ^ O Lab. Federal State Unitary Enterprise Resistance Laboratory of Operational Scientific and Industrial Enterprise Cryptology and Virology,

“GAMMA”, Analysis

France Russian Federation & DPA & ESIEA ФГУП «НПП «ГАММА» (C + V) ^ O Lab. Федеральное Государственное Лаборатория оперативной Унитарное Предприятие

Криптологии и Вирусологии, «Научно-производственное предприятие Implementations Франция «ГАММА»,

Россия

Optimized

- KUZNYECHIK KUZNYECHIK 2 Presentation Outline 20.03.2019

1. “Kuznyechik” et al.

2. Securing the Implementation

3. CPA and DPA – Attacks and Resistance

4. Results and Conclusions

5. Where to next ?

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 3 Initial context and stakes 20.03.2019

• Study the symmetric GOST R 34.12-2015 aka “Grasshopper” Block cipher algorithm.

• Provide different implementations for FPGA and Microcontrollers

• Check the resistance of the algorithm and its implementations to CPA and

DPA attacks.

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 4 20.03.2019

« Kuznyechik » et al. Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

About Grasshoppers and Waffles - KUZNYECHIK KUZNYECHIK 5 “Kuznyechik” (GOST R 34.12-2015)* 20.03.2019

• Russian Standard, adopted 01/2016 • Symmetric Block Cipher algorithm • 128 bits Block size • 256 bits Key length • 10 sub-keys of 128 bits • Substitution-Permutation Network • Feistel Network for Key Schedule • 10 Rounds / 3 functions per round Non-linear Plaintext XOR with Sub Linear XOR with last permutation Key i Transformation Sub Key Ciphertext

(S-Box)

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized - 9 identical

rounds KUZNYECHIK KUZNYECHIK

(*): for all those in hibernation for the last 5 years 6 “Kuznyechik” (GOST R 34.12-2015)* 20.03.2019

• Linear permutation L :

where:

and

where :

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK

(*): for all those in hibernation for the last 5 years 7 The AES Cipher as brief reminder 20.03.2019

• NIST Standard, adopted 2001 * • Symmetric Block Cipher algorithm • 128 bits Block size • 128, 192 or 256 bits Key length • 14 sub-keys of 128 bits

• Substitution-Permutation Network Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized • 14 Rounds / 4 functions per round -

(for 256 bit key length) KUZNYECHIK KUZNYECHIK

(*): Belgian Waffle – our avatar for the AES 8 Cipher Kuznyechik on FPGA 20.03.2019

• Several variants where conceptualized and implemented

• Here the results of the first implementations:

Encryption DELAY depending on the compactness of the model Encryption SPEED depending on the compactness

of the model

)

MBps

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

Delay (ns) Delay

Encryption Speed ( Encryption KUZNYECHIK KUZNYECHIK

Compactness in Look Up Tables (LUTs) Compactness in Look Up Tables (LUTs) 9 20.03.2019

Securing the

Implementation Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized Вежливые Зелёные Кузнечики -

« It’s not easy being green » KUZNYECHIK KUZNYECHIK 10 Threat Matrix 20.03.2019 SIGINT / MEASINT • What do we face ?  Power Consumption Analysis - Attack

Fault Injection

- Voltage Glitch - Temperature - hν (Laser,…) Side-Channel […] !!! Microprobing Analysis

Active Passive

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized -

Invasive Non - Invasive KUZNYECHIK KUZNYECHIK HUMINT Physical Attacks 11 Securing the Implementation 20.03.2019

How can we protect ourselves against these attacks? Resistance

Enacting Analysis

HARDWARE and SOFTWARE & DPA &

Countermeasures Implementations

• Random Delay Insertion • Masking

Optimized - • Noise Generator • Dual-Rail with Precharge Logic

• Shuffling KUZNYECHIK KUZNYECHIK Chosen Solution ! 12 Securing the Implementation 20.03.2019

How does the masked “Kuznyechik”-Implementation work ?

Random Mask Generation

XOR between the Plaintext and the mask before encryption (or decryption)

Unmasking at the end of the encryption (or decryption)

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 13 Securing the Implementation 20.03.2019

• Masking AES-256 works the same way

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 14 Securing the Implementation 20.03.2019

• Comparison between implementations: (Reference Platform XILINX Artix7 (Speedgrade -1) )

Implementatio “Kuznyechik “Kuznyechik” AES-256 n: ” Standard Masked Standard LUTs: 8810 10106 4846 Latches: 2167 2697 4540

Maximum 28.5 MHz 28.5 MHz 28.5 MHz Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

Frequency: - Delay: 1526.2 ns 1596.2 ns 1920.0 ns

Encryption rate 83.9 Mbps 80.8 Mbps 66.7 Mbps KUZNYECHIK KUZNYECHIK 15 Preview of the CPA Theory 20.03.2019

• Leakage Model

Attacked Component

N Plaintexts Secret Key K N Ciphertexts

Mathematical N Leaks Most likely Distinguisher key Leakage

Model Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized M Key - N’ N’ Ciphertexts

Plaintexts possibilities KUZNYECHIK KUZNYECHIK

Theoretica l Leaks 16 20.03.2019

CPA and DPA

Attacks and Resistance Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

…after that, the NSA, the CIA,… - KUZNYECHIK KUZNYECHIK 17 DPA Setup in FPGA 20.03.2019

• XILINX Artix 7 XC7A35T & XC7A100T

RX_data_out

128-bit input Data_ready Sub-key RX UART Receiver RX_done_tick buffer Scheduler

Sub_keys

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized - TX_data_in Ciphertext

TX_start 128-bit output Start_transmit UART Transmitter Encryption Block TX buffer

TX_done Transmit_done KUZNYECHIK KUZNYECHIK

GOST R 34.12-2015 “KUZNYECHIK” 18 Power Measurement 20.03.2019

• Direct measurement at the source

• Usually through a shunt resistor in the Power supply line

 The voltage at measured at the resistor is linear proportional to the current through the circuit […] add fp, sp, #0 sub sp, sp, #20 str r0, [fp, #-16] mov r3, #0 str r3, [fp, #-8] b .L2 .L3: ldr r3, [fp, #-8] add r3, r3, #1

str r3, [fp, #-8] Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

ldr r3, [fp, #-16] - mov r3, r3, asr #1 str r3, [fp, #-16] .L2: ldr r3, [fp, #-16] cmp r3, #0 bgt .L3 ldr r3, [fp, #-8]

mov r0, r3 KUZNYECHIK add sp, fp, #0 ldmfd sp!, {fp} bx lr […] 19 EM-Field Measurement 20.03.2019

• Indirect measurement

• Current through conductor = magnetic field

• Measured through an H-Probe

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized - H-Probe Constructions

: KUZNYECHIK KUZNYECHIK 20 Hardware Setup 20.03.2019

• Data Acquisition Equipment (France)  Power measurement through shunt on Microcontroller  Power measurement through H-Probe on Artix Devboard

Data Acquisition Device CW1200

ChipWhisperer CW1200

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK

Target FPGA Board H-Probe + LNA 21 Hardware Setup 20.03.2019

• Data Acquisition Equipment – Russia

• Two Labs with ChipWhisperer CW1173 and special FPGA Target Board  Power measurement through shunt on Microcontroller

 Power measurement through shunt on low noise FPGA Board XC7A100T

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 22 Standard CPA with AES (trivial) 20.03.2019

Complete AES Signature (1 trace):

Detail:

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 23 Standard CPA with AES (trivial) 20.03.2019

• An algorithm can be mathematically strong but very weak in hardware implementations without countermeasures

Key found with only

50 traces

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 24 “Kuznyechik” Traces on Microcontroller 20.03.2019

• Full trace

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 25 Masked – Kuznyechik on FPGA 20.03.2019

• Masked / Non- Masked implementations have very similar signatures

• Here are 10+ traces superimposed (unsynchronized)

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 26 Masked – Kuznyechik on FPGA 20.03.2019

• Annotated Single Trace

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 27 20.03.2019

Results & Conclusions

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 28 Results 20.03.2019

• Working set: 100 000 traces (4000 sample points / trace ) acquired.

• Tested attacks:

 Rounds : 1st round / 10th round / 9th round with 10th known key

 Leakage models : Hamming Distance (DPA) & Hamming Weight (CPA)

 Mathematical Distinguisher : Pearson correlation coefficient

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 29 Results 20.03.2019

Despite the acquisition of a large number of traces, no subkeys could be extracted from a “Kuznyechik” encryption process. No "usual" model, working on AES, DES, 3DES or RSA made it possible to determine one of the subkeys.

Even if a sub key were discovered, there would still be a problem:

. Subkeys are generated in pairs, so 2 subkeys are needed to recover the master key (instead of one for

AES !)

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized - Key Scheduling formula :

Where KUZNYECHIK 30

Results 20.03.2019 Resistance

• Four optimized implementations (2x FPGA + 2x Microcontroller) have been Analysis developed, allowing to compare the “Kuznyechik” (GOST R 34.12-2015) algorithm

and AES. DPA &

• However, even if security elements have been addressed, it is impossible to say whether or not this algorithm is sensitive to DPA / CPA attacks.

• Less “traditional” methods, Implementations such as attacks involving the use of Machine Learning (ML), should be

considered.

Optimized -

• Or maybe … KUZNYECHIK KUZNYECHIK 31 20.03.2019

Where to next ? Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

Кто виноват ? Что делать ? - KUZNYECHIK KUZNYECHIK 32 3D - Leakage Cartography 20.03.2019

• 2D + Time !

• Works better with chip decapping !

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 33 3D - Leakage Cartography 20.03.2019

• Very precise X-Y Plotter Table (special Construction)

• Micro H-Probe / Micro H-Probe Array (ev. E-Probe)

• Work in progress !

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 34 Caveats ? 20.03.2019

• Very High Analysis Cost ! Pessimistic : (X*Y : X*Y) * Traces

• Not very usable for small implementations   Small attack surface

• Targeted for high speed implementations using most FPGA gate area

• Semi-invasive / full invasive technique ( a little ! )

Optimized Implementations & DPA Analysis Resistance Analysis DPA & Implementations Optimized

- KUZNYECHIK KUZNYECHIK 35 Thank you for your attention !

Cédric DELAUNAY, Делоне Седрик, ESIEA, (C + V) ^ O Lab, France ESIEA, (C+V)^O Lab, Франция [email protected] [email protected]

Alexander Alexandrovich ISTOMIN, Истомин Александр Александрович, FSUE “SIE “GAMMA”, Russia ФГУП «НПП «ГАММА», Россия [email protected] [email protected]

Eric FILIOL, Фийоль Эрик, ESIEA, (C + V) ^ O Lab, Laval, France ESIEA, (C+V)^O Lab, Лаваль, Франция [email protected] [email protected]

ФГУП «НПП «Гамма»

XXI - RUSCRYPTO 2019 36 20.03.2019