Cryptology and network security 15th international conference, CANS 2016

LNCS 10052

Sara Foresti
Giuseppe Persiano (Eds.)

Cryptology and
Network Security
15th International Conference, CANS 2016
Milan, Italy, November 14–16, 2016
Proceedings



Lecture Notes in Computer Science
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zurich, Switzerland
John C. Mitchell


Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology, Madras, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany

10052


More information about this series at />

Sara Foresti · Giuseppe Persiano (Eds.)


Cryptology and
Network Security
15th International Conference, CANS 2016
Milan, Italy, November 14–16, 2016
Proceedings




Editors
Sara Foresti
Università degli Studi di Milano
Crema
Italy

Giuseppe Persiano
Università degli Studi di Salerno
Fisciano
Italy

ISSN 0302-9743
ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-48964-3
ISBN 978-3-319-48965-0 (eBook)
DOI 10.1007/978-3-319-48965-0
Library of Congress Control Number: 2016955512
LNCS Sublibrary: SL4 – Security and Cryptology
© Springer International Publishing AG 2016
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, express or implied, with respect to the material contained herein or for any errors or
omissions that may have been made.
Printed on acid-free paper
This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland


Preface

These proceedings contain the papers selected for presentation at the 15th International
Conference on Cryptology and Network Security (CANS 2016), held in Milan, Italy,
on November 14–16, 2016. The conference was held in cooperation with the International
Association for Cryptologic Research and focuses on technical aspects of
cryptology and of data, network, and computer security. These proceedings contain 30
full papers (with an acceptance rate of 25.86 %) and 18 short papers selected by the
Program Committee from 116 submissions. The proceedings also contain an extended
abstract for the 8 posters presented at the conference.

The many high-quality submissions made it easy to build a strong program but also
required rejecting good papers. Each submission was judged by at least three reviewers
and the whole selection process included about six weeks of reading and discussion in
the Program Committee.

The credit for the success of an event like CANS 2016 belongs to a number of
people, who devoted their time and energy to put together the conference and who
deserve acknowledgment. There is a long list of people who volunteered their time and
energy to organize the conference, and who deserve special thanks. We would like to
thank all the members of the Program Committee and all the external reviewers, for all
their hard work in evaluating all the papers during the summer. We are grateful to
the CANS Steering Committee for their support. Thanks to Giovanni Livraga, for taking
care of publicity and chairing local organization. We are very grateful to the local
organizers for their support in the conference organization and logistics. We would like
to thank the keynote speakers for accepting our invitation to deliver a talk at the
conference.

Special thanks are due to the Università degli Studi di Milano for its support and for
hosting the event, and to the Italian Association for Information Processing (AICA) for
support in the secretarial and registration process.

Last but certainly not least, our thanks go to all the authors who submitted papers
and posters and to all the conference’s attendees. We hope you find the program of
CANS 2016 interesting, stimulating, and inspiring for your future research.

November 2016
November 2016

Sara Foresti
Pino Persiano
Pierangela Samarati


Organization

General Chair
Pierangela Samarati, Università degli Studi di Milano, Italy

Program Chairs
Sara Foresti, Università degli Studi di Milano, Italy
Giuseppe Persiano, Università degli Studi di Salerno, Italy

Poster Chairs
Sara Foresti, Università degli Studi di Milano, Italy
Giuseppe Persiano, Università degli Studi di Salerno, Italy
Pierangela Samarati, Università degli Studi di Milano, Italy

Publicity Chair
Giovanni Livraga, Università degli Studi di Milano, Italy

Local Arrangements Chair
Giovanni Livraga, Università degli Studi di Milano, Italy

Steering Committee
Yvo Desmedt (Chair), The University of Texas at Dallas, USA
Juan A. Garay, Yahoo! Labs, USA
Amir Herzberg, Bar Ilan University, Israel
Yi Mu, University of Wollongong, Australia
David Pointcheval, CNRS and ENS Paris, France
Huaxiong Wang, Nanyang Technological University, Singapore

Program Committee
Lejla Batina, Radboud University, The Netherlands
Carlo Blundo, Università degli Studi di Salerno, Italy
Henry Carter, Villanova University, USA
Nishanth Chandran, Microsoft Research, India
Yingying Chen, Stevens Institute of Technology, USA
Sherman S.M. Chow, Chinese University of Hong Kong, Hong Kong
Ricardo Dahab, IC-UNICAMP, Brazil
Sabrina De Capitani di Vimercati, Università degli Studi di Milano, Italy
Angelo De Caro, IBM Research, Zurich, Switzerland
Yvo Desmedt, The University of Texas at Dallas, USA
Nelly Fazio, City University of New York, USA
Georg Fuchsbauer, Ecole Normale Supérieure, France
Rosario Gennaro, City University of New York, USA
Amir Herzberg, Bar Ilan University, Israel
Vincenzo Iovino, University of Luxembourg, Luxembourg
Rob Johnson, Stony Brook University, USA
Florian Kerschbaum, SAP, Germany
Aggelos Kiayias, University of Athens, Greece
Albert Levi, Sabanci University, Turkey
Ming Li, University of Arizona, USA
Dongdai Lin, Chinese Academy of Sciences, China
Peng Liu, The Pennsylvania State University, USA
Javier Lopez, University of Malaga, Spain
Steve Lu, Stealth Software Technologies Inc., USA
Atsuko Miyaji, Osaka University/JAIST, Japan
Evagelos Markatos, University of Crete, Greece
Refik Molva, Eurecom, France
Yi Mu, University of Wollongong, Australia
Gregory Neven, IBM Research, Zurich, Switzerland
Antonio Nicolosi, Stevens Institute of Technology, USA
Svetla Nikova, KU Leuven, Belgium
Emmanuela Orsini, University of Bristol, UK
Panos Papadimitratos, KTH, Stockholm, Sweden
Stefano Paraboschi, Università di Bergamo, Italy
Gerardo Pelosi, Politecnico di Milano, Italy
Benny Pinkas, Bar Ilan University, Israel
Pierangela Samarati, Università degli Studi di Milano, Italy
Nitesh Saxena, University of Alabama at Birmingham, USA
Andreas Schaad, Huawei Research, Germany
Dominique Schroeder, Saarland University, Germany
Peter Schwabe, Radboud University, The Netherlands
Willy Susilo, University of Wollongong, Australia
Katsuyuki Takashima, Mitsubishi Electric, Japan
Qiang Tang, University of Luxembourg, Luxembourg
Meng Yu, University of Texas at San Antonio, USA
Huaxiong Wang, Nanyang Technological University, Singapore


External Reviewers
Hamza Abusalah
Zakir Akram
Duygu Karaoğlan Altop
S. Abhishek Anand
Diego Aranha
Tomer Ashur
Seiko Arita
Arash Atashpendar
Pol Van Aubel
Monir Azraoui
Saikrishna Badrinarayanan
Amos Beimel
Daniel Bernau
Jonas Boehler
Carl Bootland
Raphael Bost
Christina Boura
Florian Bourse
Alexandre Braga
Luigi Catuogno
Rongmao Chen
Michele Ciampi
Guo Chun
Mario Cornejo
Joan Daemen
Christophe Doche
Kaoutar Elkhiyaoui
Keita Emura
Martianus Frederic Ezerman
Nils Fleischhacker
Atsushi Fujioka
Yuichi Futa
Marios Georgiou
Esha Ghosh
Rishab Goyal
Le Guan
Xue Haiyang
Jin Han
Wenhui Hu
Yupeng Jiang
Süleyman Kardaş
Aniket Kate
Akinori Kawachi
Anselme Kemgne Tueno
Mathias Kohler
Anna Krasnova
Ashutosh Kumar
Jianchang Lai
Russell W.F. Lai
Obbattu Sai Lakshmi Bhavana
Hyung Tae Lee
Iraklis Leontiadis
Hemi Leibowitz
Bin Liu
Meicheng Liu
Naiwei Liu
Yunwen Liu
Zhen Liu
Jose M. Lopez
Isis Lovecruft
Atul Luykx
Chang Lv
Jack P.K. Ma
Mohammad Mamun
Pedro Maat Massolino
Peihan Miao
Christoph Michel
Shigeo Mitsunari
Eduardo Morais
Toru Nakanishi
Luiz Navarro
Ajaya Neupane
Khoa Nguyen
Hod Bin Noon
Maciej Obremski
Kazumasa Omote
Adam O’Neill
Melek Önen
Stjepan Picek
Fabio Piva
Elizabeth Quaglia
Srinivasan Raghuraman
Manuel Reinert
Oscar Reparaz
Vincent Rijmen
Ruben Rios
Adeline Roux-Langlois
Vipin Singh Sehrawat
Sruthi Sekar
Babins Shrestha
Maliheh Shirvanian
Roee Shlomo
Prakash Shrestha
Luisa Siniscalchi
William Skeith
Maciej Skórski
Akshayaram Srinivasan
Raymond K.H. Tai
Sri Aravinda Krishnan Thyagarajan
Chenyang Tu
Miguel Urquidi
Cédric Van Rompay
Dimitrios Vasilopoulos
Gabriele Viglianisi
Xiao Wang
Xiuhua Wang
Yongge Wang
Harry W.H. Wong
Brecht Wyseur
Tran Phuong Viet Xuan
Bohan Yang
Eunjung Yoon
Libo Zhang
Miaomiao Zhang
Shiwei Zhang
Tao Zhang
Yongjun Zhao
Jingyuan Zhao
Jincheng Zhuang



Contents

Cryptanalysis of Symmetric Key

Linear Regression Attack with F-test: A New SCARE Technique for Secret Block Ciphers . . . 3
Si Gao, Hua Chen, Wenling Wu, Limin Fan, Jingyi Feng, and Xiangliang Ma

Compact Representation for Division Property . . . 19
Yosuke Todo and Masakatu Morii

An Automatic Cryptanalysis of Transposition Ciphers Using Compression . . . 36
Noor R. Al-Kazaz, Sean A. Irvine, and William J. Teahan

Side-Channel Attacks and Implementation

Side-Channel Attacks on Threshold Implementations Using a Glitch Algebra . . . 55
Serge Vaudenay

Diversity Within the Rijndael Design Principles for Resistance to Differential Power Analysis . . . 71
Merrielle Spain and Mayank Varia

NEON-SIDH: Efficient Implementation of Supersingular Isogeny Diffie-Hellman Key Exchange Protocol on ARM . . . 88
Brian Koziel, Amir Jalali, Reza Azarderakhsh, David Jao, and Mehran Mozaffari-Kermani

Lattice-Based Cryptography

Server-Aided Revocable Identity-Based Encryption from Lattices . . . 107
Khoa Nguyen, Huaxiong Wang, and Juanyang Zhang

Speeding up the Number Theoretic Transform for Faster Ideal Lattice-Based Cryptography . . . 124
Patrick Longa and Michael Naehrig

An Efficient Lattice-Based Multisignature Scheme with Applications to Bitcoins . . . 140
Rachid El Bansarkhani and Jan Sturm

Virtual Private Network

Breaking PPTP VPNs via RADIUS Encryption . . . 159
Matthias Horst, Martin Grothe, Tibor Jager, and Jörg Schwenk

LEAP: A Next-Generation Client VPN and Encrypted Email Provider . . . 176
Elijah Sparrow, Harry Halpin, Kali Kaneko, and Ruben Pollan

Implementation State of HSTS and HPKP in Both Browsers and Servers . . . 192
Sergio de los Santos, Carmen Torrano, Yaiza Rubio, and Félix Brezo

Signatures and Hash

Signer-Anonymous Designated-Verifier Redactable Signatures for Cloud-Based Data Sharing . . . 211
David Derler, Stephan Krenn, and Daniel Slamanig

Group Signature with Deniability: How to Disavow a Signature . . . 228
Ai Ishida, Keita Emura, Goichiro Hanaoka, Yusuke Sakai, and Keisuke Tanaka

Sandwich Construction for Keyed Sponges: Independence Between Capacity and Online Queries . . . 245
Yusuke Naito

Multi-Party Computation

Secure Error-Tolerant Graph Matching Protocols . . . 265
Kalikinkar Mandal, Basel Alomair, and Radha Poovendran

Efficient Verifiable Computation of XOR for Biometric Authentication . . . 284
Aysajan Abidin, Abdelrahaman Aly, Enrique Argones Rúa, and Aikaterini Mitrokotsa

Verifiable Message-Locked Encryption . . . 299
Sébastien Canard, Fabien Laguillaumie, and Marie Paindavoine

Symmetric Cryptography and Authentication

Security of Online AE Schemes in RUP Setting . . . 319
Jian Zhang and Wenling Wu

An Efficient Entity Authentication Protocol with Enhanced Security and Privacy Properties . . . 335
Aysajan Abidin, Enrique Argones Rúa, and Bart Preneel

Probabilistic Generation of Trapdoors: Reducing Information Leakage of Searchable Symmetric Encryption . . . 350
Kenichiro Hayasaka, Yutaka Kawai, Yoshihiro Koseki, Takato Hirano, Kazuo Ohta, and Mitsugu Iwamoto

System Security

AAL and Static Conflict Detection in Policy . . . 367
Jean-Claude Royer and Anderson Santana De Oliveira

Component-Oriented Access Control for Deployment of Application Services in Containerized Environments . . . 383
Kirill Belyaev and Indrakshi Ray

Generic Access Control System for Ad Hoc MCC and Fog Computing . . . 400
Bilel Zaghdoudi, Hella Kaffel-Ben Ayed, and Wafa Harizi

Functional and Homomorphic Encryption

SecReach: Secure Reachability Computation on Encrypted Location Check-in Data . . . 419
Hanyu Quan, Boyang Wang, Iraklis Leontiadis, Ming Li, and Yuqing Zhang

FHE Over the Integers and Modular Arithmetic Circuits . . . 435
Eunkyung Kim and Mehdi Tibouchi

An Efficient Somewhat Homomorphic Encryption Scheme Based on Factorization . . . 451
Gérald Gavin

Information Theoretic Security

Efficient, XOR-Based, Ideal (t, n)-threshold Schemes . . . 467
Liqun Chen, Thalia M. Laing, and Keith M. Martin

Efficient and Secure Multiparty Computations Using a Standard Deck of Playing Cards . . . 484
Takaaki Mizuki

Efficient Card-Based Cryptographic Protocols for Millionaires’ Problem Utilizing Private Permutations . . . 500
Takeshi Nakai, Yuuki Tokushige, Yuto Misawa, Mitsugu Iwamoto, and Kazuo Ohta

Malware and Attacks

Evaluation on Malware Classification by Session Sequence of Common Protocols . . . 521
Shohei Hiruta, Yukiko Yamaguchi, Hajime Shimada, Hiroki Takakura, Takeshi Yagi, and Mitsuaki Akiyama

An Efficient Approach to Detect TorrentLocker Ransomware in Computer Systems . . . 532
Faustin Mbol, Jean-Marc Robert, and Alireza Sadighian

Detecting Malware Through Anti-analysis Signals - A Preliminary Study . . . 542
Joash W.J. Tan and Roland H.C. Yap

Attackers in Wireless Sensor Networks Will Be Neither Random Nor Jumping – Secrecy Amplification Case . . . 552
Radim Ošťádal, Petr Švenda, and Vashek Matyáš

Improved Attacks on Extended Generalized Feistel Networks . . . 562
Valérie Nachef, Nicolas Marrière, and Emmanuel Volte

When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015 . . . 573
Thierry Kaufmann, Hervé Pelletier, Serge Vaudenay, and Karine Villegas

Multi-Party Computation and Functional Encryption

On the Power of Public-key Function-Private Functional Encryption . . . 585
Vincenzo Iovino, Qiang Tang, and Karol Żebrowski

A New Technique for Compacting Secret Key in Attribute-Based Broadcast Encryption . . . 594
Sébastien Canard, Duong Hieu Phan, and Viet Cuong Trinh

An Efficient Construction of Non-Interactive Secure Multiparty Computation . . . 604
Satoshi Obana and Maki Yoshida

An MPC-Based Privacy-Preserving Protocol for a Local Electricity Trading Market . . . 615
Aysajan Abidin, Abdelrahaman Aly, Sara Cleemput, and Mustafa A. Mustafa

Implementation of Verified Set Operation Protocols Based on Bilinear Accumulators . . . 626
Luca Ferretti, Michele Colajanni, and Mirco Marchetti

Multi-core FPGA Implementation of ECC with Homogeneous Co-Z Coordinate Representation . . . 637
Bo-Yuan Peng, Yuan-Che Hsu, Yu-Jia Chen, Di-Chia Chueh, Chen-Mou Cheng, and Bo-Yin Yang

Network Security, Privacy, and Authentication

DNSSEC Misconfigurations in Popular Domains . . . 651
Tianxiang Dai, Haya Shulman, and Michael Waidner

Integral Privacy . . . 661
Vicenç Torra and Guillermo Navarro-Arribas

Sharing Is Caring, or Callous? . . . 670
Yu Pu and Jens Grossklags

Improving the Sphinx Mix Network . . . 681
Filipe Beato, Kimmo Halunen, and Bart Mennink

User Authentication from Mouse Movement Data Using SVM Classifier . . . 692
Bashira Akter Anima, Mahmood Jasim, Khandaker Abir Rahman, Adam Rulapaugh, and Md Hasanuzzaman

Distance Bounding Based on PUF . . . 701
Mathilde Igier and Serge Vaudenay

Posters

Denying Your Whereabouts: A Secure and Deniable Scheme for Location-Based Services . . . 713
Tassos Dimitriou and Naser Al-Ibrahim

Range Query Integrity in Cloud Data Streams with Efficient Insertion . . . 719
Francesco Buccafurri, Gianluca Lax, Serena Nicolazzo, and Antonino Nocera

Vulnerability Analysis Using Google and Shodan . . . 725
Kai Simon

Language-Based Hypervisors . . . 731
Enrico Budianto, Richard Chow, Jonathan Ding, and Michael McCool

Internet Censorship in Italy: A First Look at 3G/4G Networks . . . 737
Giuseppe Aceto, Antonio Montieri, and Antonio Pescapè

A Privacy-Preserving Model for Biometric Fusion . . . 743
Christina-Angeliki Toli, Abdelrahaman Aly, and Bart Preneel

Hybrid WBC: Secure and Efficient White-Box Encryption Schemes . . . 749
Jihoon Cho, Kyu Young Choi, Orr Dunkelman, Nathan Keller, Dukjae Moon, and Aviya Vaidberg

Moving in Next Door: Network Flooding as a Side Channel in Cloud Environments . . . 755
Yatharth Agarwal, Vishnu Murale, Jason Hennessey, Kyle Hogan, and Mayank Varia

Author Index . . . 761


Cryptanalysis of Symmetric Key


Linear Regression Attack with F-test: A New SCARE Technique for Secret Block Ciphers

Si Gao (1,2), Hua Chen (1, corresponding author), Wenling Wu (1), Limin Fan (1), Jingyi Feng (1,2), and Xiangliang Ma (1,2)

(1) Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, People’s Republic of China
{gaosi,chenhua,wwl,fanlimin,fengjingyi,maxiangliang}@tca.iscas.ac.cn
(2) University of Chinese Academy of Sciences, Beijing 100049, People’s Republic of China
Abstract. The past ten years have seen tremendous progress in the uptake of side channel analysis in various applications. Among them, Side Channel Analysis for Reverse Engineering (SCARE) is an especially fruitful area. Taking the side channel leakage into account, SCARE efficiently recovers secret ciphers in a non-destructive and non-intrusive manner. Unfortunately, most previous works focus on customizing SCARE for a certain type of ciphers or implementations. In this paper, we ask whether the attacker can loosen these restrictions and reverse secret block ciphers in a more general manner. To this end, we propose a SCARE based on Linear Regression Attack (LRA), which simultaneously detects and analyzes the power leakages of the secret encryption process. Compared with the previous SCAREs, our approach uses less a priori knowledge and covers more block cipher instances in a completely non-profiled manner. Moreover, we further present a complete SCARE flow with realistic power measurements of an unprotected software implementation. Starting from traces in which the encryption rounds can barely be recognized, our experiments demonstrate how the underlying cipher can be recovered step-by-step. Although our approach still has some limitations, we believe it can serve as an alternative tool for reverse engineering in the future.

Keywords: Linear Regression Attack · SCARE · F-test

1 Introduction

Over the past decades, Side Channel Attacks (SCA) have posed a major threat to many cryptographic implementations. As a powerful tool, SCA also shows great potential in many non-key-recovery applications, including Side Channel Analysis for Reverse Engineering (SCARE). In general, reversing a secret cipher through cryptanalysis is quite difficult. With side channel leakage, things become much easier. Successful SCAREs have been proposed for many block ciphers, including DES-like ciphers [1–3], AES-like ciphers [4] and general SPN ciphers [5].

© Springer International Publishing AG 2016
S. Foresti and G. Persiano (Eds.): CANS 2016, LNCS 10052, pp. 3–18, 2016.
DOI: 10.1007/978-3-319-48965-0_1

4 S. Gao et al.
Despite the tremendous progress in the literature, getting SCARE out of the lab is not an easy task. Most previous SCARE techniques, explicitly stated or not, have a few limitations on their target ciphers or implementations. Guilley et al.’s Sbox recovery is the only SCARE that has been verified with realistic measurements [3]. As their attack implicitly assumes the diffusion layer is a known bit-permutation, it only applies to DES-like ciphers. Other attacks rely on theoretical simulations [4,6,7] or measurement-aided simulations [5], which makes it hard to predict their actual performance in practice. In addition, most attacks rely on the “collision-detection” technique, which means the attacker has to find the leakages of the same Sbox computation (preferably in the first round) to build templates. This requirement imposes further restrictions on the target cipher as well as the implementation.
Our Contribution. In this paper, we aim to extend the previous SCARE techniques with Linear Regression Attack (LRA) [8]. Compared with other power analyses, the advantage of LRA lies in its flexibility in the regression model. With the full basis, LRA detects any relevant power leakage, just like NICV [9]. Meanwhile, LRA can also perform regressions with different models, verifying various conjectures about the secret cipher. It is well known that the commonly used evaluation measure in LRA, the coefficient of determination ($R^2$), increases with the number of regressors [10]. In this paper, we suggest using the F-test to fairly compare different models and reveal some inherent cryptographic operations. In SCARE, such an attack further recovers the secret linear components, as well as the inputs of the Sboxes. Compared with the previous SCAREs, our approach has three advantages: first, it works in a general framework which covers many common structures (SPN, Feistel, generalized Feistel, etc.). Second, our attack requires less a priori knowledge about the target cipher or its implementation. In our attack, the attacker does not have to know things like the size of the Sboxes, the accurate location of each Sbox computation on the trace or the order of the permutation computation in advance. Last but not least, our approach is completely non-profiled. This means our attack works even if all the Sboxes in the encryption process are completely different, whereas all previous collision-based SCAREs fail due to lack of valid templates. We have verified our attack with power leakages from an unprotected software implementation of DES. Our experiments present the complete SCARE flow in detail, demonstrating how our LRA-based SCARE helps to determine the secret cipher step-by-step.

2 Preliminaries

2.1 Previous SCARE Techniques

So far, most SCARE studies focus on block ciphers. As modern block ciphers usually contain non-linear (confusion) layers and linear (diffusion) layers, in the following we discuss these two cases separately.


Sbox Recovery. Confusion layers often consist of several small components, called Substitution Boxes (Sboxes). For Sbox recovery, two types of SCAREs exist:
– Collision-based SCARE [4–6]. As a prevalent tool in SCARE [4–6], the collision attack exploits the similarity between the leakages from sequential computations of the same Sbox. Although marked as a non-profiled attack, collision attacks share exactly the same routine as the Template Attack (TA) [11]. The only difference lies in the profiling stage, where collision attacks use other sequentially-implemented Sbox computations as the profiling trace set [12]. Since the leakages of the exact same Sbox computation are not always available, this “online profiling” stage imposes restrictions on the implementations as well as the target ciphers. For instance, if the target cipher is DES, the attacker cannot build templates with the first round’s Sboxes, due to the secret expansion transformation E. As DES uses 8 different Sboxes, finding a collision within the first round [5] is also impossible. Besides, collision attacks usually require the accurate points of interest to build effective templates. Without any a priori knowledge, finding the accurate points of interest is not an easy task in practice. As a result, none of the previous collision-based SCAREs validated their attack with realistic experiments.
– Guilley et al.’s Sbox Recovery [3]. In 2010, Guilley et al. proposed an Sbox recovery technique based on 1-bit CPA. As a nominal distinguisher, 1-bit CPA does not require a priori knowledge about the leakage model or the accurate points of interest. To our knowledge, this is the only SCARE that has been verified with realistic hardware implementations (DPAContest v1). However, in order to focus on one single output bit, the authors use an “output mask”. Technically speaking, this means the attacker needs to find which bit in the right register should store the guessed bit, as well as the last value of this register (according to the Hamming Distance (HD) model). In other words, these masks implicitly assume the attacker already knows that the diffusion layer is a bit-permutation and that the underlying cipher uses a Feistel structure.

Linear Component Recovery. To our knowledge, Daudigny et al.’s DES recovery is the only SCARE devoted to the diffusion layer. Unfortunately, their work relies heavily on the specific implementation [1]. Specifically, in the permutation recovery, the authors assume the corresponding state is computed from the most to the least significant bit, and use the time order of all bits as the permutation table. If the implementation uses any other order, their SCARE fails.
Other attacks recover linear components from the Sboxes’ power consumption. In collision-based SCAREs, the linear part is treated as a secret matrix, which can be determined from a large number of collision equations [5]. In this case, recovering the linear components shares the same preconditions, as long as the unknown linear part does not hinder the Sbox recovery.
2.2 Linear Regression Attack

In 2005, Schindler et al. proposed the Stochastic Attack [13] as an efficient alternative to the Template Attack [11]. Using the coefficient of determination ($R^2$), Doget et al. further developed a non-profiled key-recovery attack [8]. In some papers [8,14], this extension is called the “Linear Regression Attack” (LRA).

A typical LRA works as follows: if the attacker wishes to recover a secret key byte $k$, he can measure the power consumptions of some key-related operations in the encryption process. Denote the $n$-bit intermediate state as $x$; the data-dependent power leakage can be written as $L(x)$, where $L$ stands for the leakage function. Since the encryption algorithm is given, with any key guess $\hat{k}$ the attacker can compute the corresponding intermediate state $x_{\hat{k}}$. As the leakage $L(x)$ only relates to the correct intermediate state $x_k$, comparing $L(x)$ with all $x_{\hat{k}}$ gives a clue for the correct key. Specifically, the attacker chooses a $t$-length regression basis $G_b = \{x^{b_1}, x^{b_2}, \ldots, x^{b_t}\}$, where $b_i \in \mathbb{F}_2^n$ and $x^u = \prod_{i=1}^{n} x_i^{u_i}$ ($x_i$ is the $i$-th bit of $x$ and $u_i$ is the $i$-th bit of $u$). With $N$ measurements $l$ and a key guess $\hat{k}$, the leakage function can be estimated as $\hat{L}(x_{\hat{k}}) = \beta_0 + \beta_1 x_{\hat{k}}^{b_1} + \beta_2 x_{\hat{k}}^{b_2} + \ldots + \beta_t x_{\hat{k}}^{b_t}$, where

$$A_{\hat{k}} = \begin{pmatrix} x_{\hat{k}}^{b_1}(1) & \cdots & x_{\hat{k}}^{b_t}(1) \\ \vdots & \ddots & \vdots \\ x_{\hat{k}}^{b_1}(N) & \cdots & x_{\hat{k}}^{b_t}(N) \end{pmatrix}, \qquad \beta_{\hat{k}} = \left(A_{\hat{k}}^{\top} A_{\hat{k}}\right)^{-1} A_{\hat{k}}^{\top} \left(l(1), \ldots, l(N)\right)^{\top},$$

$l(i)$ is the $i$-th measurement and $x(i)$ is the corresponding intermediate state. If the attacker uses a valid assumption about $L(x)$ (i.e. chooses a valid $G_b$), only the correct key guess gives a valid regression. Thus, the attacker can use the coefficient of determination ($R^2$) as a distinguisher [8]:

$$R^2_{\hat{k}} = 1 - \frac{\sum_{i=1}^{N} \left(l(i) - \hat{L}_{\hat{k}}(x(i))\right)^2}{\sum_{i=1}^{N} \left(l(i) - \bar{l}\right)^2}, \qquad k = \arg\max_{\hat{k}} R^2_{\hat{k}}$$

Theoretically speaking, $R^2$ provides a measure of how well the observed outcomes are replicated by the model, as the proportion of total variation of outcomes explained by the model [10]. Since the regression with the wrong intermediate state cannot effectively explain the variance, key guesses with higher $R^2$ are more likely to be correct.

3 LRA with F-test: A Useful Tool

Although LRA is a powerful key-recovery attack, directly applying it in SCARE gives poor results. Unlike SCA, SCARE usually needs to compare different models. Unfortunately, $R^2$ is not suitable for this task. In this section, we perform an F-test to compare LRA results from different regression models. Although not explicitly stated, Whitnall’s stepwise regression uses the same technique [14]. In this section, we take one step further and discuss how the F-test can help us in the field of reverse engineering.
3.1 Motivation

In regression, $R^2$ is a statistical measure of how well the regression approximates the real data points. However, $R^2$ alone cannot be used for a meaningful comparison of models with different numbers of independent variables. As a matter of fact, $R^2$ never decreases, and typically increases, when extra explanatory variables are added to the model, whether or not they carry any information. In this case, it is hard to tell whether the new model is more effective than the old one. This problem seldom affects LRA in a key-recovery scenario: in most block ciphers, the secret key only affects the values of the explanatory variables. Since all the key guesses share the same regression model, the highest $R^2$ indicates the best regression. In SCARE, the story is completely different: as SCARE's target involves the regression model itself, using LRA in SCARE inevitably faces the problem of comparing different regression models.
3.2 F-test with Nested Models

A well-known solution to this problem is an F-test between two models [15]. In statistics, two models are "nested" if one model (the full model $M_2$) contains all the terms of the other (the restricted model $M_1$) and at least one additional term. To determine whether the restricted model is adequate, we test the hypotheses

$H_0$: the restricted model is adequate
$H_1$: the full model is better

with the F statistic
$$F = \frac{\mathrm{RSS}_1 - \mathrm{RSS}_2}{\mathrm{RSS}_2} \cdot \frac{N - p_2 - 1}{p_2 - p_1} \sim F(p_2 - p_1,\; N - p_2 - 1),$$
where $p_1$ ($p_2$) stands for the number of explanatory variables in $M_1$ ($M_2$), not counting the constant term, so that $M_2$ has $p_2 + 1$ parameters and $N - p_2 - 1$ residual degrees of freedom; $\mathrm{RSS}_1$ ($\mathrm{RSS}_2$) represents the residual sum of squares, and $N$ is the number of measurements. Following the notation in Sect. 2, the residual sum of squares (RSS) is defined as
$$\mathrm{RSS}_j = \sum_{i} \left(l(i) - \hat{L}_j(x(i))\right)^2.$$
The null hypothesis is rejected if this statistic is greater than the critical value of the F-distribution for some desired false-rejection probability $\alpha$ (equivalently, if its $p$-value falls below $\alpha$).


S. Gao et al.

3.3 Applications in SCARE

In SCARE, LRA with the F-test can help us verify various conjectures. For instance, consider the case where we wish to decide whether a regression model can explain the variance of the power measurements at all. Given a false-rejection probability $\alpha$, the F-test determines whether the regression is valid, taking into account both the sample size $N$ and the number of explanatory variables. Specifically, let $M_0$ denote the model that contains only the constant term (the restricted model), while $M_1$ is the tested regression model (the full model). If the F-test above rejects $H_0$ with high confidence, the power measurements depend on the variables of $M_1$. This test helps us distinguish whether the resultant $R^2$ represents a valid regression or is merely an artefact of noise. In the following, this test is denoted as the ValidTest.
Another interesting application is to separate parallel signals from signals that actually "mix" together in the cryptographic computations. Suppose we have some intermediate state $x$ and the corresponding power leakage $l$, and wish to determine whether $l$ comes from $x$ itself or from some cryptographic computation on $x$. Throughout this paper, we assume the majority of the power leakage follows the weighted Hamming Weight model, where $L(x) = \beta_0 + \beta_1 x_1 + \cdots + \beta_n x_n$. Take the two-bit $x = \{x_0, x_1\}$ as a toy example: following the weighted Hamming Weight model, the power leakage can be written as $L(x) = \beta_0 + \beta_1 x_0 + \beta_2 x_1$. If some cryptographic computation (e.g. XOR) occurs, the expression of $L(x)$ also contains a term $\beta_3 x_0 x_1$ (indeed $x_0 \oplus x_1 = x_0 + x_1 - 2 x_0 x_1$ over the reals, so a XOR contributes exactly such an interaction term). Thus, the following hypothesis test applies:

$H_0$: $M_0$ with regression basis $\{1, x_0, x_1\}$ is adequate
$H_1$: $M_1$ with regression basis $\{1, x_0, x_1, x_0 x_1\}$ is better

If the F-test does not reject $H_0$ at level $\alpha$, we can conclude that $x_0$ and $x_1$ are simply implemented in parallel (provided $N$ is large enough for the test to have power against the interaction term). Otherwise, it suggests that some cryptographic operation is performed on both $x_0$ and $x_1$. Similarly, for a $d$-bit group $\{x_1, x_2, \ldots, x_d\}$, if we wish to test whether the $i$-th bit of $x$ ($x_i$) mixes with the other bits, we can use the following hypothesis test:

$H_0$: $M_0$ with regression basis $G_0 = \{x^u \mid u \in \mathbb{F}_2^d \wedge u_i = 0\} \cup \{x_i\}$ is adequate
$H_1$: $M_1$ with regression basis $G_1 = \{x^u \mid u \in \mathbb{F}_2^d\}$ is better

As this test aims to prune irrelevant bits, in the following sections we denote this test as the PruningTest.

4 A Realistic LRA-Based SCARE

This section further explains how our LRA with F-test helps to reveal the secret cryptographic components. For this purpose, we chose an unprotected software implementation of DES as our target. The power consumption was measured with a LeCroy WaveRunner 610Zi oscilloscope at a sampling rate of 20 MSa/s. The entire trace set contains 20 000 traces, with 80 000 samples covering the first 3 rounds. As the leakage of an unprotected software implementation can be easily exploited, in our experiments we only use the first 2 000 traces. Throughout this section, we assume the attacker does not know the underlying cipher (DES) or the specific implementation.



4.1 Generalized Structure of the Target Cipher

In order to formally define a general flow for SCARE, we start our discussion by proposing a generalized structure that covers most common block ciphers. Many previous SCAREs assume their target ciphers use either the Substitution-Permutation Network (SPN) or the standard Feistel structure. Although those choices are quite popular, with LRA we can do better.

Fig. 1. Structure overview

In Fig. 1(a), $P_0$ and $P_1$ represent linear operations, while $S$ stands for the non-linear operation. It is not hard to see that the standard SPN (Fig. 1(b)) and the Feistel structure (Fig. 1(c)) can be regarded as special cases of this generalized scheme. Many other schemes, including the generalized Feistel structure, can be expressed by the generalized structure in Fig. 1(a) in a similar way. It is worth mentioning that in a few cases Fig. 1(a) may not correspond to a full encryption round: if the round function uses more than one confusion layer, it should be expressed as multiple rounds of Fig. 1(a). As we can see in Fig. 1(d), our target cipher DES fits this scheme perfectly.
Secret key in SCARE. In most SCAREs, the secret key is simply regarded as a part of the secret cipher. Specifically, if the secret key $k$ is added before an Sbox $S$, SCARE can only recover an equivalent Sbox $S'$ where $S'(x) = S(x \oplus k)$. A similar equivalence holds if $k$ is added at other positions. In the following, we simply ignore the secret key and recover it as a part of the secret Sboxes.



4.2 Preparation

Before any reverse engineering, the attacker first observes the measured traces and tries to learn some basic facts about the secret encryption procedure. In our experiments, the attacker can easily identify three repetitive patterns on the trace, which correspond to the first three encryption rounds. However, locating each cryptographic operation on the trace is much harder. Indeed, without any a priori knowledge, the attacker cannot even infer the number of Sboxes with confidence. Due to the length limit, we omit the measured trace figures here: interested readers can find these figures in the full version of this paper.
4.3 Step 1: Recovering $P_0$

Let $n$ denote the block length. Assume $P_0$ has $m_0$ independent output bits; the operation of $P_0$ can be written as $(y_1, y_2, \ldots, y_{m_0}) = P_0(x_1, x_2, \ldots, x_n)$, where $P_0$ is a binary matrix. Our goal is to determine each $y_q$, which can be written as a linear combination of $\{x_1, x_2, \ldots, x_n\}$. We can remove all $x_i$ with coefficient 0 and simply write
$$y_q = \bigoplus_{j} x_{q_j},$$
where $x_q = \{x_{q_1}, x_{q_2}, \ldots, x_{q_d}\}$ represents the $d$ input bits with coefficient 1. Thus, recovering $P_0$ amounts to finding $x_q$ within $\{x_1, x_2, \ldots, x_n\}$. Given an input bit group guess $\tilde{x}_q$, we can fit the leakage from the Sboxes' input ($P_0$'s output) with a full-basis LRA. With some false-rejection probability $\alpha$, the ValidTest shows whether there is a connection between the power leakage and $\tilde{x}_q$. If there is, $\tilde{x}_q$ can express some $y_q$. Meanwhile, $\tilde{x}_q$ may still involve some irrelevant input bits. The PruningTest finds the input bits that do not appear in the expression of $y_q$. If the ValidTest and all $d$ PruningTests reject $H_0$, we can conclude that $\tilde{x}_q$ is the exact relevant input for some $y_q$. The detailed procedure is presented in Algorithm 1. Note that the LRA in the ValidTest uses the constant basis $G_0 = \{1\}$ and the full basis $G_1 = \{\tilde{x}_q^u \mid u \in \mathbb{F}_2^d\}$, while the LRA in the $i$-th PruningTest uses $G_2 = \{\tilde{x}_q^u \mid u \in \mathbb{F}_2^d \wedge u_i = 0\} \cup \{x_{q_i}\}$ and the full basis $G_1$.

Theoretically, Algorithm 1 only succeeds when the target state $y_q$ is related to every single bit in $\tilde{x}_q$. According to our discussion above, XORing all bits in $\tilde{x}_q$ together gives a candidate for $y_q$. Thus, the attacker can perform one last ValidTest with this candidate bit: if this bit does lead to a valid regression, we have found some $y_q$. This test blocks out many undesirable cases, such as non-linear leakage or $\tilde{x}_q$ expressing more than one $y_q$.

With Algorithm 1 identifying the correct input bits, all output bits can be found by simply enumerating all possible input guesses $\tilde{x}_q$. Considering the implementation cost, designers tend to choose a lightweight matrix as the diffusion layer, so the size of the correlated bit group ($d$) is more likely to be small. The enumeration therefore starts with the smaller group guesses (smaller $d$) and moves towards the larger ones (larger $d$). As $m_0$ cannot be efficiently determined in advance, the attacker must abort the enumeration whenever he believes he has found enough $y_q$. Assuming $y_q$ contains at most $d$ bits of $x$, the enumeration above takes $\binom{n}{d}$ LRAs to find $P_0$. For $d \geq 8$, this approach becomes too expensive.

Algorithm 1. LRA based SCARE test
1: procedure SCAREtest($\tilde{x}_q$)
2:   $[pr_1, R^2]$ = ValidTest($\tilde{x}_q$)      ▷ Test whether $\tilde{x}_q$ can explain the power variance
3:   if $pr_1 > 1 - \alpha$ then
4:     for $i = 1$ to $d$ do
5:       $pr_2[i]$ = PruningTest($i$, $\tilde{x}_q$)      ▷ Test if $x_{q_i}$ is relevant
6:       if $pr_2[i] < 1 - \alpha$ then
7:         return "Error 2"      ▷ $\tilde{x}_q$ contains the irrelevant bit $x_{q_i}$
8:     return $\min(pr_2[1..d]) \cdot R^2$
9:   else
10:    return "Error 1"      ▷ $\tilde{x}_q$ cannot explain the power variance
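The regression of Sect. 2, the nested-model F-test of Sect. 3.2, the ValidTest and PruningTest of Sect. 3.3 and Algorithm 1 above, as one added example that is not part of the paper (the authors' own code is not given here). It runs on constructed traces from a made-up six-bit target whose $P_0$ has three output bits, $y_1 = x_0 \oplus x_3$, $y_2 = x_1$ and $y_3 = x_2 \oplus x_4 \oplus x_5$, leaking under a weighted Hamming-weight model with Gaussian noise; the leakage weights, the noise level, the function names and the use of $p$-values (where Algorithm 1 keeps confidences $1 - p$) are this example's own choices. It is plain Python with no third-party packages: the regression solves the normal equations directly, and the F tail is computed from the regularised incomplete beta function, with $N - p_2 - 1$ residual degrees of freedom for a full model of $p_2$ explanatory variables plus the constant.

```python
# Added example, not the paper's code: least-squares LRA (Sect. 2), the nested-model F-test
# (Sect. 3.2), ValidTest/PruningTest (Sect. 3.3) and Algorithm 1 on constructed traces. Pure Python.
import math
import random

def monomial(x, u):
    """x^u = prod_{i : u_i = 1} x_i for 0/1 lists x, u; u = 0...0 is the constant term 1."""
    return int(all(xi for xi, ui in zip(x, u) if ui))

def solve(A, b):
    """Gauss-Jordan elimination with partial pivoting for the small normal equations A*beta = b."""
    n, M = len(A), [row[:] + [bi] for row, bi in zip(A, b)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        if abs(M[c][c]) < 1e-12:
            raise ValueError("collinear basis: normal equations are singular")
        M[c] = [v / M[c][c] for v in M[c]]
        for r in range(n):
            if r != c:
                f = M[r][c]
                M[r] = [rv - f * cv for rv, cv in zip(M[r], M[c])]
    return [row[-1] for row in M]

def fit_rss(xs, l, basis):
    """Residual sum of squares of the least-squares fit of leakage l on {x^u : u in basis}."""
    A, t = [[monomial(x, u) for u in basis] for x in xs], len(basis)
    beta = solve([[sum(r[i] * r[j] for r in A) for j in range(t)] for i in range(t)],
                 [sum(r[i] * li for r, li in zip(A, l)) for i in range(t)])
    return sum((li - sum(bj * aj for bj, aj in zip(beta, r))) ** 2 for li, r in zip(l, A))

def reg_inc_beta(a, b, x):
    """Regularised incomplete beta I_x(a, b) by modified-Lentz continued fraction (Numerical Recipes)."""
    if x <= 0.0 or x >= 1.0:
        return float(x >= 1.0)
    if x > (a + 1.0) / (a + b + 2.0):            # symmetry I_x(a, b) = 1 - I_{1-x}(b, a)
        return 1.0 - reg_inc_beta(b, a, 1.0 - x)
    tiny = lambda v: v if abs(v) > 1e-300 else 1e-300
    c = 1.0
    d = h = 1.0 / tiny(1.0 - (a + b) * x / (a + 1.0))
    for m in range(1, 300):
        for aa in (m * (b - m) * x / ((a + 2 * m - 1) * (a + 2 * m)),
                   -(a + m) * (a + b + m) * x / ((a + 2 * m) * (a + 2 * m + 1))):
            d, c = 1.0 / tiny(1.0 + aa * d), tiny(1.0 + aa / c)
            h *= d * c
        if abs(d * c - 1.0) < 1e-14:
            break
    lbt = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b) + a * math.log(x) + b * math.log1p(-x)
    return math.exp(lbt) * h / a

def f_test(xs, l, restricted, full):
    """Nested-model F-test, H0 'restricted adequate' vs H1 'full better'; returns (p-value, RSS1, RSS2).
    p1, p2 count explanatory variables (basis size minus the constant): residual df = N - p2 - 1."""
    N, p1, p2 = len(l), len(restricted) - 1, len(full) - 1
    rss1, rss2 = fit_rss(xs, l, restricted), fit_rss(xs, l, full)
    if rss2 <= 0.0: return 0.0, rss1, rss2     # noiseless perfect fit: reject H0 outright
    F, d1, d2 = max((rss1 - rss2) / rss2 * (N - p2 - 1) / (p2 - p1), 0.0), p2 - p1, N - p2 - 1
    return reg_inc_beta(d2 / 2.0, d1 / 2.0, d2 / (d2 + d1 * F)), rss1, rss2   # P[F(d1, d2) > F]

full_basis = lambda d: [[(u >> i) & 1 for i in range(d)] for u in range(2 ** d)]  # all x^u, u in F_2^d

def valid_test(xs, l):
    """ValidTest: constant model {1} against the full basis; returns (p-value, R^2)."""
    p, sst, rss = f_test(xs, l, [[0] * len(xs[0])], full_basis(len(xs[0])))
    return p, 1.0 - rss / sst                    # RSS of the constant model is SS_total

def pruning_test(xs, l, i):
    """PruningTest: {x^u : u_i = 0} U {x_i} against {x^u}; does bit i mix with the other bits?"""
    d, full = len(xs[0]), full_basis(len(xs[0]))
    if d == 1: return 0.0                        # a lone bit has nothing to mix with
    restricted = [u for u in full if u[i] == 0] + [[int(j == i) for j in range(d)]]
    return f_test(xs, l, restricted, full)[0]

def scare_test(traces, l, group, alpha=1e-4):
    """Algorithm 1 for the guessed bit group x~_q (p-values where the paper keeps 1 - p)."""
    xs = [[x[j] for j in group] for x in traces]
    p1, r2 = valid_test(xs, l)
    if p1 >= alpha: return "Error 1"             # x~_q cannot explain the power variance
    p2 = [pruning_test(xs, l, i) for i in range(len(group))]
    if max(p2) >= alpha: return "Error 2"        # x~_q contains a bit that is not mixed in
    return (1.0 - max(p2)) * r2

def candidate_is_output_bit(traces, l, group, alpha=1e-4):
    """The last ValidTest of Sect. 4.3 on the candidate y_q = XOR of the group's bits."""
    return valid_test([[sum(x[j] for j in group) % 2] for x in traces], l)[0] < alpha

def simulate(N=1500, seed=1, sigma=1.0):
    """Constructed target (this example's assumption): 6 input bits, P0 outputs y1 = x0^x3,
    y2 = x1, y3 = x2^x4^x5; leakage = weighted Hamming weight of (y1, y2, y3) + Gaussian noise."""
    rng, traces, l = random.Random(seed), [], []
    for _ in range(N):
        x = [rng.randint(0, 1) for _ in range(6)]
        traces.append(x)
        l.append(2.0 * (x[0] ^ x[3]) + 1.5 * x[1] + 1.0 * (x[2] ^ x[4] ^ x[5]) + rng.gauss(0.0, sigma))
    return traces, l

if __name__ == "__main__":
    T, L = simulate()          # expected: Error 1, score, Error 2, Error 2, score; then True
    print([(g, scare_test(T, L, g)) for g in ([0], [1], [0, 1], [0, 1, 3], [0, 3])], candidate_is_output_bit(T, L, [0, 3]))
```

Running the file gives Error 1 for the lone bit $x_0$ (marginally, $x_0 \oplus x_3$ is independent of $x_0$, so a single-bit guess cannot explain the variance), a score for $x_1$, Error 2 for $\{x_0, x_1\}$ and $\{x_0, x_1, x_3\}$ (the ValidTest passes thanks to $x_1$ or $x_0 \oplus x_3$, but a PruningTest finds a bit that is not mixed in), a score for $\{x_0, x_3\}$, and `True` for the final ValidTest on the candidate $x_0 \oplus x_3$. Under $H_0$ the $p$-values are uniformly distributed, so with $\alpha = 10^{-4}$ a false rejection occurs at rate $\alpha$ per test; the fixed seed makes the run reproducible.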
Optimization. Clearly, Algorithm 1 returns two types of errors: Error 2 indicates that $\tilde{x}_q$ contains an irrelevant bit $x_{q_i}$, while Error 1 indicates that $\tilde{x}_q$ cannot form a valid regression. As the first case limits the expression of $y_q$ to a smaller range, we can build a more efficient version of this attack. Suppose we choose a $d_g$-bit group guess with $d_g > d$; Algorithm 1 verifies whether it yields a valid regression with the ValidTest. If it does, the PruningTest gives clues about which bits are irrelevant, so finding the exact input should be easy. In this case, we wish to find the minimal set of $d_g$-bit groups that covers all possible $d$-bit groups. This problem is equivalent to finding a covering set of a hypergraph. Let $M(n, d_g, d)$ denote the minimal number of $d_g$-bit groups needed. According to Rödl's result [16], as $n \to \infty$,
$$\frac{M(n, d_g, d)}{\binom{n}{d} / \binom{d_g}{d}} \to 1,$$
i.e. roughly $\binom{n}{d}/\binom{d_g}{d}$ group guesses suffice for large $n$. Thus, if the attacker estimates that the expressions of all $y_q$ contain at most $d$ input bits, enumerating all $d_g$-bit group guesses above gives all $y_q$. Dan Gordon's web site provides some known covering sets [17]. Note that this trick should only be applied when $d$ is large, as the covering problem of a hypergraph is quite complicated itself. For clarity, we present the pseudo-code of this optimization in Algorithm 2.
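As an added example that is not the paper's Algorithm 2, the following builds the $d_g$-bit group guesses that the optimization enumerates with a greedy covering heuristic (each step keeps the $d_g$-set that covers the most still-uncovered $d$-sets) and compares the number of group guesses with the brute-force $\binom{n}{d}$ and with Rödl's asymptotic value $\binom{n}{d}/\binom{d_g}{d}$. The greedy construction is this example's own choice and is not optimal (the paper points to Gordon's repository [17] for known coverings); the function names and the parameter sets in the demo are assumptions.

```python
# Added example, not the paper's code: the d_g-bit group guesses that the Optimization
# (Algorithm 2) enumerates, built by a greedy covering-design heuristic of our own choosing
# and compared with the brute-force binom(n, d) enumeration and Rödl's asymptotic value.
from itertools import combinations
from math import comb

def greedy_cover(n, dg, d):
    """Greedy (n, dg, d) covering: dg-subsets of range(n) such that every d-subset lies in one of them.
    Each step takes the block covering the most still-uncovered d-subsets (a heuristic, not optimal)."""
    if not 1 <= d <= dg <= n:
        raise ValueError("need 1 <= d <= dg <= n")
    uncovered = set(combinations(range(n), d))                 # d-subsets as sorted tuples
    blocks = {b: list(combinations(b, d)) for b in combinations(range(n), dg)}   # block -> its d-subsets
    cover = []
    while uncovered:
        best = max(blocks, key=lambda b: sum(1 for s in blocks[b] if s in uncovered))
        cover.append(best)
        uncovered.difference_update(blocks[best])
    return cover

def covers_all(cover, n, d):
    """Check that every d-subset of range(n) is contained in some block of the cover."""
    return all(any(set(s) <= set(b) for b in cover) for s in combinations(range(n), d))

def lra_counts(n, dg, d):
    """Group guesses to test: brute force binom(n, d), the greedy cover, and Rödl's limit binom(n,d)/binom(dg,d)."""
    return {"brute_force": comb(n, d), "greedy_cover": len(greedy_cover(n, dg, d)),
            "rodl_limit": comb(n, d) / comb(dg, d)}

if __name__ == "__main__":
    for n, dg, d in ((16, 4, 3), (16, 5, 3), (12, 6, 3)):     # small cases: block enumeration is binom(n, dg)
        c = lra_counts(n, dg, d)
        print(n, dg, d, c["brute_force"], c["greedy_cover"], round(c["rodl_limit"], 1))
```

The counts are group guesses, not regressions: each guess still costs one ValidTest and $d_g$ PruningTests in Algorithm 1, and a block that contains a true $d$-bit group plus $d_g - d$ extra bits returns Error 2, which is exactly the information the optimization uses to prune. The greedy size lies between the trivial lower bound $\lceil \binom{n}{d}/\binom{d_g}{d} \rceil$ and $\binom{n}{d}$; for $n = 16$, $d_g = 5$, $d = 3$ the brute-force list has 560 entries and the bound is 56. Since the helper enumerates all $\binom{n}{d_g}$ blocks, it is only practical for small $n$, in line with the remark above that the covering problem is itself expensive.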
Experiments. Considering that $P_0$ is the first cryptographic operation in Fig. 1(a), in our experiments we tested our attack with the first half of the first round's trace. With $\alpha = 0.01\,\%$, only 32 bits pass our ValidTest. Since $P_0$'s output involves half of the plaintext bits, an experienced attacker may guess that $P_0$ is a bit permutation. Table 1 lists our $P_0$ recovery with various numbers of traces. Checked against the IP transformation in DES, our $P_0$ recovery gives a 100 % accurate result with 2000 traces. With 500 traces, our recovery gives one Type II error ("false negative"), which means that one of $P_0$'s output bits is filtered out.

