Abstract:
Aiming at the structure of the lightweight authentication encryption algorithm ASCON, a differential power analysis) method is proposed. It combines the implementation characteristics of the algorithm S-box, uses the Hamming weight model as the power consumption discrimination function, groups the traces, and recovers the master key for encryption. Furthermore, for the "ghost peaks" what appear in DPA attacks, a traces preprocessing method is given. First, the traces are grouped according to plaintext and averaged, and then DPA attacks are launched on the preprocessed traces. The 44 bit master key of ASCON cipher can be recovered by attacking its
sa permutation, where 1 500 traces are collected. In addition, the time required to directly attack the original traces is 21 849.888 9 ms, and the time required to attack the preprocessed traces is 198.911 3 ms. After preprocessing the traces, the time taken to attack the preprocessed traces is about 1/109 of that of directly attacking the original traces.