Comprehensive Side-Channel Power Analysis of XTS-AES

XTS-advanced encryption standard (AES) is an advanced mode of AES for data protection of sector-based devices. It features two secret keys instead of one, and an additional tweak for each data block. These characteristics make the mode not only resistant against cryptoanalysis attacks, but also more challenging for side-channel attack. In this paper, we comprehensively analyze the side-channel power leakage of various XTS-AES implementations and invent effective attacks. We first run a simple power analysis of a software implementation. For a hardware implementation on field-programmable gate array (FPGA), we analyze side-channel leakage of the particular modular multiplication in XTS-AES mode. In addition, we utilize the relationship between two consecutive block tweaks and propose a method to work around the masking of ciphertext by the tweak. These attacks are verified on an FPGA implementation of XTS-AES. The results show that XTS-AES is susceptible to side-channel power analysis attacks, and therefore dedicated protections are required for security of XTS-AES in storage devices.