Access-Driven Cache Attack on the Stream Cipher DICING Using the Chosen IV

Yukiyasu TSUNOO  Takeshi KAWABATA  Tomoyasu SUZAKI  Hiroyasu KUBO  Teruo SAITO  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E93-A   No.4   pp.799-807
Publication Date: 2010/04/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E93.A.799
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Cryptography and Information Security
eSTREAM,  stream cipher,  DICING,  cache attacks,  

Full Text: PDF(338.6KB)>>
Buy this Article

A cache attack against DICING is presented. Cache attacks use CPU cache miss and hit information as side-channel information. DICING is a stream cipher that was proposed at eSTREAM. No effective attack on DICING has been reported before. Because DICING uses a key-dependent S-box and there is no key addition before the first S-box layer, a conventional cache attack is considered to be difficult. We therefore investigated an access-driven cache attack that employs the special features of transformation L to give the chosen IV. We also investigated reduction of the computational complexity required to obtain the secret key from the information gained in the cache attack. We were able to obtain a 40-bit key differential given a total of 218 chosen IVs on a Pentium III processor. From the obtained key differential, the 128-bit secret key could be recovered with computational complexity of from 249 to 263. This result shows that the new cache attack, which is based on a different attack model, is also applicable in an actual environment.