BitFlip: Side Channel Resistant Cipher
“The algorithmic complexity of ciphers is the Maginot line all over again,” quipped one worried security expert in Tel Aviv. Adi Shamir has warned for years: “Cryptography may not be cracked, but it will be by-passed”, which is why he and other concerned security mavens now pay attention to what is known as ‘side channel cryptanalysis’. The computing chip leaks like a sieve (a tight sieve to be sure, but a sieve nonetheless). Whether through sound from the power-supply transformer, electromagnetic radiation, or timing data, the modular arithmetic characteristic of today’s ciphers demands uneven computing effort, and the chip “broadcasts” that unevenness. Multiplication of data, for example, is much more of an effort than straight squaring (basically a bit shift). The Hamming weight of a string relates directly to the computation effort. AES S-boxes have a clear non-linear relationship between input and output.
Masking this leakage is the new “pong” to the attack “ping” in this ongoing ping-pong game, yet hackers are confident that all these masking tricks will only make the attack more difficult and will not cancel this rich hack-opp.
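As an added illustration (not from the original post, and not BitFlip code), the sketch below counts the modular operations of textbook square-and-multiply to show how the work tracks the Hamming weight of the exponent, then does the same for a Montgomery ladder, a fixed-schedule countermeasure brought in here for contrast. The base, modulus and 16-bit exponents are constructed sample values.

```python
# Added illustration: operation counts stand in for what a timing/power probe sees.
MODULUS = 1000003                            # constructed sample modulus
SAMPLE_EXPONENTS = [0x8001, 0xAAAA, 0xFFFF]  # constructed: Hamming weights 2, 8, 16


def square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation -> (result, squarings, multiplications)."""
    result, squarings, multiplications = 1, 0, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        squarings += 1
        if bit == "1":  # extra multiply only for 1-bits: this is the leak
            result = (result * base) % modulus
            multiplications += 1
    return result, squarings, multiplications


def montgomery_ladder(base, exponent, modulus, bit_length):
    """Ladder: exactly one multiply and one square per bit, whatever its value.

    Python integers are not constant-time; only the operation schedule is fixed.
    """
    r0, r1 = 1, base % modulus  # invariant: r1 == r0 * base (mod modulus)
    squarings = multiplications = 0
    for i in reversed(range(bit_length)):
        if (exponent >> i) & 1:
            r0 = (r0 * r1) % modulus
            r1 = (r1 * r1) % modulus
        else:
            r1 = (r0 * r1) % modulus
            r0 = (r0 * r0) % modulus
        multiplications += 1
        squarings += 1
    return r0, squarings, multiplications


def leakage_profile(exponents, base=7, modulus=MODULUS, bit_length=16):
    """Rows of (exponent, Hamming weight, naive multiplies, ladder multiplies)."""
    rows = []
    for e in exponents:
        naive_mults = square_and_multiply(base, e, modulus)[2]
        ladder_mults = montgomery_ladder(base, e, modulus, bit_length)[2]
        rows.append((e, bin(e).count("1"), naive_mults, ladder_mults))
    return rows


if __name__ == "__main__":
    for e, weight, naive, ladder in leakage_profile(SAMPLE_EXPONENTS):
        print(f"exp={e:#06x} weight={weight:2d} naive_mults={naive:2d} ladder_mults={ladder:2d}")
```

The naive column varies with the secret exponent while the ladder column does not, which is the property a side-channel-resistant design has to preserve down to the hardware.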
It is against that background that we examined the new BitFlip cipher. Unlike the current generation of ciphers, BitFlip does not implement modular arithmetic. It operates with basic primitives, counting and flipping bits, and its operation does not depend on the Hamming weight of a string. By all accounts both the message writer and the message decoder will operate with non-leaking chips. A practical test is next. Anyone interested?
