Susceptibility of eSTREAM Candidates towards Side Channel Analysis

Benedikt Gierlichs, Lejla Batina, Christophe Clavier, Thomas Eisenbarth, Aline Gouget, Helena Handschuh, Timo Kasper, Kerstin Lemke-Rust, Stefan Mangard, Amir Moradi, Elisabeth Oswald


The eSTREAM project [1] is an open multi-year effort to identify new stream ciphers that might become suitable for widespread adoption. Stream ciphers are evaluated in two categories of applications. Profile 1 includes stream ciphers for software applications with high throughput requirements and Profile 2 includes stream ciphers for hardware applications with restricted resources such as limited storage, gate count, or power consumption. Table 1 summarizes the candidates in phase 3 of the eSTREAM project.
It is worth noting that side channel analysis is an implementation attack, i.e., in practice the susceptibility depends on the design of the cipher, the design of the implementation, and the target platform. However, this work follows a more general theoretical approach and focuses on the susceptibility of implementation properties for a given cipher design. The susceptibility towards side channel analysis is assessed by considering established implementation techniques, side channel leakage models, and side channel attacks. Previously, similar approaches were carried out by Biham and Shamir [3] as well as Daemen and Rijmen [5] for the AES candidates and by Oswald and Preneel for the NESSIE candidates [9]. This paper is organized as follows. Section 2 introduces the framework and evaluation criteria for assessing the theoretical susceptibility of stream ciphers towards side channel analysis. In Sections 3 and 4 these evaluation criteria are applied to all relevant stream ciphers in phase 3 of the eSTREAM project. Section 5 summarizes our results. For the specifications of the eSTREAMciphers, the reader is referred to [1].
Original languageEnglish
Publication statusPublished - 2008


Dive into the research topics of 'Susceptibility of eSTREAM Candidates towards Side Channel Analysis'. Together they form a unique fingerprint.

Cite this