Side-Channel Analysis of Grøstl and Skein

This work provides a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical MAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein, are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, we implemented HMAC-Grøstl, HMAC-Skein as well as countermeasure son a 32-bit ARM-based smart card. We also mounted power analysis attacks in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed.