IACR News item: 14 October 2012
Changyong Peng, Chuangying zhu, Yuefei Zhu, Fei Kang
ePrint ReportAbdul-Latip et al. give a side channel attack(under the single bit leakage model) on the cipher at ISPEC 2010.Their
analysis shows that one can recover the 128-bit key of the cipher, by considering a one-bit information leakage from
the internal state after the second round, with time complexity of O(2^68) evaluations of the cipher, and data complexity
of about 2^10 chosen plaintexts.Our side channel attack improves upon the previous work of Shekh Faisal Abdul-Latip
et al. from two aspects. First, we use the Hamming weight leakage model(Suppose the Hamming weight of the lower
64 bits and the higher 64 bits of the output of the first round can be obtained without error) which is a more relaxed
leakage assumption, supported by many previously known practical results on side channel attacks, compared to the
more challenging leakage assumption that the adversary has access to the \"exact\" value of the internal state bits as
used by Shekh Faisal Abdul-Latip et al. Second, our attack has also a reduced complexity compared to that of Shekh
Faisal Abdul-Latip et al. Namely, our attack of recovering the 128-bit key of NOEKEON has a time complexity 20.1
seconds on a PC with 2.6 GHZ CPU and 8G RAM and data complexity of 99 known plaintexts; whereas, that of
Shekh Faisal Abdul-Latip et al. has time complexity of O(2^68) and needs about 2^10 chosen plaintexts.
Additional news items may be found on the IACR news page.