Correlation Power Attack on Hardware Implementation of OCB Authenticated Cipher

Authenticated encryption schemes provide both confidentiality and integrity services simultaneously. To design such schemes, the CAESAR competition was being held with six winners. One of the criteria for evaluation theses ciphers, besides general security, is the security against side-channel attacks, which has been studied less so far. The OCB authenticated cipher, one of the CAESAR’s winners, has special security properties such as a tweakable block cipher based construction that makes the side-channel attacks challenging. In this paper, for the first time, a 7-stage correlation power analysis (CPA) attack on nonce processing time is presented to indicate its vulnerability. For this purpose, OCB cipher is implemented on a SAKURA-G board. By measuring and collecting the power traces on S-box, a successful CPA attack with a zero-value power model is mounted and all bytes of the key are recovered. Keywords Authenticated encryption (AE) scheme, OCB scheme, Correlation power analysis, CAESAR competition, SAKURA-G.