Side-Channel Resistance Evaluation of a Neural Network Based Lightweight Cryptography Scheme

Marc Stöttinger, Sorin A. Huss
Integrated Circuits and Systems Lab, Dept. of Computer Science, Technische Universität Darmstadt
Email: {stoettinger|huss}@iss.tu-darmstadt.de

Sascha Mühlbach
Research Group on Secure Things, Center of Advanced Security Research Darmstadt (CASED)
Email: sascha.muehlbach@cased.de

Andreas Koch
Embedded Systems and Applications, Dept. of Computer Science, Technische Universität Darmstadt
Email: koch@esa.cs.tu-darmstadt.de

Abstract—Side-channel attacks have changed the design of secure cryptographic systems dramatically. Several published attacks on implementations of well-known algorithms such as AES show the need to consider these aspects in order to build more resistant cryptographic systems. On the other hand, with the increasing use of cryptography in embedded systems, there is significant demand for cryptographic algorithms that are both resource- and power-efficient. These can be either modified existing algorithms or completely new ones. One candidate for such a new algorithm is the Tree Parity Machine public key exchange, an algorithm based on artificial neural networks. While it has been evaluated in a number of practical applications in the past, its side-channel resistance has not been examined yet. We close this gap and present a side-channel attack strategy as well as results gathered from measurements made on a real implementation.

I. INTRODUCTION AND RELATED WORK

Security and integrity aspects play an important part in the design of current embedded systems. Identification cards, gaming consoles, SIM cards and Digital Rights Management systems for audio and video content require a strong security concept to protect data from unauthorized access, duplication or forgery.
As hardware resources in these devices are often limited, intensive research aims to find optimized implementations of traditional algorithms (e.g., RSA, AES) or completely new algorithms with low hardware resource costs (sometimes also referred to as "lightweight" implementations/algorithms) [1]. On the opposing side, new techniques for attacking the implementations of cryptographic algorithms have been discovered. In recent years, aided by increasingly accurate measurement equipment, side-channel attacks in particular, which attempt to exploit information leaking from a device while it is performing cryptographic operations, have been published [2]–[5]. Algorithms and implementations must thus be designed not only for computational efficiency, but also for resistance against well-known side-channel attacks.

To this end, we examine a recently published algorithm for public key exchange targeted especially at use in resource-constrained environments. In contrast to the currently dominant algorithms, the proposed cryptographic system does not rely on number theory and complex mathematical calculations. Instead, its security is based on the synchronization of special neural networks by mutually adapting their internal states [6], an operation which can be implemented with very low hardware requirements. By using an appropriate learning rule, these tree-structured neural networks (called Tree Parity Machines, TPM) synchronize to a common state when each is trained to imitate the output of the corresponding network on a set of common inputs. Since the internal state is never transmitted over the insecure channel, it can be used as a common encryption/decryption key for, e.g., an AES algorithm after synchronization has completed. Synchronization time is short and only a few hundred bits need to be transmitted to securely exchange a 128 bit symmetric key [7].
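The mutual-learning synchronization described above, as an added example that is not code from the paper or its authors: two Tree Parity Machines exchange only the public random inputs and their one-bit outputs, adapt their secret weights with the Hebbian rule, and end in a common state that would serve as key material. The structure parameters K, N, L and the Hebbian learning rule are the standard TPM choices from the literature, not values given on this page, and the stop criterion compares weights directly, which only a simulation can do.

```python
import random

# Added example (not the paper's own code): two Tree Parity Machines synchronising
# by mutual learning. K, N, L and the Hebbian rule are the usual choices from the
# TPM literature; the page does not fix them, so they are assumptions here.
K, N, L = 3, 4, 3   # hidden units, inputs per hidden unit, weight bound [-L, L]

def sign(v):
    return 1 if v > 0 else -1   # ties count as -1, the common TPM convention

class TreeParityMachine:
    def __init__(self, rng):
        # Secret weights, chosen independently by each party; never transmitted.
        self.w = [[rng.randint(-L, L) for _ in range(N)] for _ in range(K)]

    def output(self, x):
        """tau = product of the K hidden-unit signs for the public input x."""
        self.sigma = [sign(sum(wi * xi for wi, xi in zip(self.w[k], x[k])))
                      for k in range(K)]
        self.tau = 1
        for s in self.sigma:
            self.tau *= s
        return self.tau

    def learn(self, x, tau_other):
        """Hebbian rule: update only when both outputs agree, and only in the
        hidden units that agree with tau; weights are clipped to [-L, L]."""
        if self.tau != tau_other:
            return
        for k in range(K):
            if self.sigma[k] == self.tau:
                self.w[k] = [max(-L, min(L, wi + xi * self.tau))
                             for wi, xi in zip(self.w[k], x[k])]

def synchronize(seed=1, max_rounds=20000):
    """Run the exchange until both machines hold identical weights.
    Returns (rounds used, shared weight vector), or (None, None) on timeout.
    Public traffic per round: the input x and the two one-bit outputs."""
    rng = random.Random(seed)
    a, b = TreeParityMachine(rng), TreeParityMachine(rng)
    for r in range(1, max_rounds + 1):
        x = [[rng.choice((-1, 1)) for _ in range(N)] for _ in range(K)]  # public input
        ta, tb = a.output(x), b.output(x)       # exchanged over the insecure channel
        a.learn(x, tb); b.learn(x, ta)
        # Simulation shortcut: real parties cannot compare weights and instead
        # stop after a long run of agreeing outputs.
        if a.w == b.w:
            return r, tuple(wi for row in a.w for wi in row)
    return None, None
```

The returned weight vector is the synchronized internal state that the paper describes as key material for a symmetric cipher such as AES.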
Furthermore, the computational complexity of the operations performed by the cryptographic devices is very low.

The security of the TPM algorithm was first evaluated by Shamir et al. [8], who discovered some weaknesses that could be exploited by a group of cooperating attackers. In recent years, however, a number of publications have presented countermeasures alleviating these weaknesses (e.g., by adjusting the network parameters [7], or by adding predictable errors to the network output to confuse the attacker [9]). With these improvements, TPM has become a promising algorithm for use in resource-constrained environments.

Beyond the theoretical analysis, a number of case studies have examined the practical use of TPMs: [10] presents an architecture for secure chip-to-chip communication in embedded systems, using TPM key exchange extended with multi-party functionality for an unlimited number of bus participants. The same authors proposed a special stream cipher based on TPMs, which allows high-speed encryption and decryption at native bus speeds with very low resource demands [11]. The technique was also used for One-Time Password schemes [12], secure authentication in WiMAX networks [13], and supporting secure group communication in ad-hoc networks [14]. However, none of these contributions discussed the side-channel resistance of implementations of the TPM algorithm (as demanded by [15]). We close this gap by providing a first evaluation of the side-channel resistance of the TPM algorithm and offer practical results gained by attacking an actual hardware implementation of the algorithm using the well-studied Differential Power Analysis (DPA) method.

The paper is organized as follows: Section II describes the