A timing attack on the CIKS-1 block cipher

The use of data-dependent transformations has been an area of increasing interest for the designers of ciphers. In particular, data-dependent permutations (DDPs) provide a fast and simple cryptologic primitive when implemented in hardware. However, when a DDP block is naively implemented in software, it can reveal information about the Hamming weight of the control vector applied to it. Specifically, when a subkey is used as a control vector then information about the Hamming weight of the subkey can be directly obtained from timing information. This potentially leaves ciphers heavily dependent on DDPs vulnerable to timing attacks. In this paper, we examine the application of a timing attack to the CIKS-1 symmetric block cipher. The analysis is motivated by the possibility that a naive implementation of the DDPs used in CIKS-1 would result in encryption taking a time that is a function of data. Such implementations are possible in software environments, typically in embedded systems such as smart cards. The methodology of deriving the Hamming weight of the key using a known plaintext attack based on timing information is outlined and is followed by a discussion of the results. Further, a simple means of thwarting the timing attack in a software implementation is presented