Power Analysis Attacks on the Customizable MK-3 Authenticated Encryption Algorithm

MK-3 is an authenticated encryption scheme based on the duplex sponge construction, suitable for both hardware and software. It provides broad factory and field customization features. The same security claims are valid for the original and all recommended customizations. Extensive security analyses of MK-3 were performed in our previous work: differential, linear, cube, and brute force attacks, as well as statistical analysis. In this work we report on new experiments involving Correlation Power Analysis (CPA), which is considered one of the most powerful side-channel attack (SCA) techniques. Two CPA attacks on MK-3 were developed: the first directly after the key absorption, and the second after the S-boxes in the first round of IV absorption. In the first attack, under strong assumptions about an attacker's capability to collect traces, we can recover 128 of the 512 state bits in a physical test on an FPGA. The second attack builds on top of the first one, but it assumes that special registers have been embedded after the S-boxes. Even under such ideal conditions, this attack can potentially reduce the brute-forcing difficulty only by an additional 88 to 194 bits. Overall, this gives the CPA attack no advantage over brute-forcing for the original 128-bit key. The previous and current results ensure that MK-3 and its customized versions effectively conceal its plaintext input.