Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Fast Side-Channel Key-Recovery Attack against Elephant Dumbo

May 10, 2022


Louis Vialar - EPFL, Kudelski Security Research Team


In this paper, we present an efficient side-channel key recovery attack against Dumbo, the 160-bit variant of NIST lightweight cryptography contest candidate Elephant. We use Correlation Power Analysis to attack the first round of the Spongent permutation during the absorption of the first block of associated data. The full attack runs in about a minute on a common laptop and only requires around 30 power traces to recover the entire secret key on an ARM Cortex-M4 microcontroller clocked at 7.4MHz. This is, to the best of our knowledge, the first attack of this type presented against Elephant.

Presented at

LWC Workshop 2022

Event Details



Related Topics

Security and Privacy: cryptography

Created May 05, 2022, Updated May 11, 2022