Single-Trace Side-Channel Analysis on Polynomial-Based MAC Schemes

Rei Ueno, Kazuhide Fukushima, Yuto Nakano, Shinsaku Kiyomoto, Naofumi Homma

Research output: Chapter in Book/Report/Conference proceedingConference contribution


This paper presents the first side-channel analysis (SCA) on polynomial-based message authentication code (MAC) schemes which is applicable to Poly1305. Typical SCAs (e.g., simple power analysis (SPA) and differential power analysis (DPA)) and conventional attacks on GCM/GMAC that focus on the first multiplication result in the universal hashing (i.e., polynomial evaluation) cannot be applied to Poly1305 owing to one-time keys and the structure of prime-field multiplication. On the other hand, the proposed attack retrieves the hash key from a single side-channel trace (e.g., a power/EM trace given by one execution) with a non-negligible probability and is applicable to polynomial-based MAC schemes implemented on an 8-bit micro-controller. The proposed attack allows the attacker to forge the authentication tag even if the hash key is a one-time key. The basic idea of the proposed attack is to exploit the addition in polynomial-based MAC schemes. Since the output or one input of the addition in these MAC schemes is known, we can efficiently estimate the unknown operands of addition, and then retrieve the hash key by the polynomial factorizations with the estimated candidates. This study also shows a cost-effective countermeasure for ChaCha20-Poly1305 using a combination of a lightweight masked Poly1305 and first-order mask conversion from Boolean to arithmetic.

Original languageEnglish
Title of host publicationConstructive Side-Channel Analysis and Secure Design - 11th International Workshop, COSADE 2020, Revised Selected Papers
EditorsGuido Marco Bertoni, Francesco Regazzoni
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages25
ISBN (Print)9783030687724
Publication statusPublished - 2021
Event11th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2020 - Lugano, Switzerland
Duration: 2020 Apr 12020 Apr 3

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12244 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference11th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2020


  • Authenticated encryption
  • ChaCha20-Poly1305
  • Message authentication code
  • Polynomial hash function
  • Side-channel analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Single-Trace Side-Channel Analysis on Polynomial-Based MAC Schemes'. Together they form a unique fingerprint.

Cite this