Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA

Authors:
Mathieu Renauld;François-Xavier Standaert;Nicolas Veyrat-Charvillon
Affiliations:
UCL Crypto Group, Université catholique de Louvain, Louvain-la-Neuve B-1348;UCL Crypto Group, Université catholique de Louvain, Louvain-la-Neuve B-1348;UCL Crypto Group, Université catholique de Louvain, Louvain-la-Neuve B-1348
Venue:
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Year:
2009

Citing 14
Cited 18

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Template Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A block cipher based pseudo random number generator secure against side-channel key recovery

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Two New Techniques of Side-Channel Cryptanalysis

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
A Leakage-Resilient Mode of Operation

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Blind differential cryptanalysis for enhanced power attacks

SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
A simple power-analysis (SPA) attack on implementations of the AES key expansion

ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Algebraic cryptanalysis of the data encryption standard

Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
Improved side-channel collision attacks on AES

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Block ciphers sensitive to gröbner basis attacks

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
An AES smart card implementation resistant to power analysis attacks

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
An efficient masking scheme for AES software implementations

WISA'05 Proceedings of the 6th international conference on Information Security Applications

Practical leakage-resilient pseudorandom generators

Proceedings of the 17th ACM conference on Computer and communications security
Algebraic side-channel analysis in the presence of errors

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
How leaky is an extractor?

LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
On side-channel resistant block cipher usage

ISC'10 Proceedings of the 13th international conference on Information security
Algebraic side-channel attacks

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Cryptanalysis of CLEFIA using differential methods with cache trace patterns

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
A formal study of power variability issues and side-channel attacks for nanoscale devices

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Fresh re-keying: security against side-channel and fault attacks for low-cost devices

AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Practical power analysis attacks on software implementations of mceliece

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Fresh re-keying II: securing multiple parties against side-channel and fault attacks

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation

COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Algebraic side-channel attacks beyond the hamming weight leakage model

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Towards super-exponential side-channel security with efficient leakage-resilient PRFs

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Controversy Corner: Efficient Hamming weight-based side-channel cube attacks on PRESENT

Journal of Systems and Software
Leakage Mapping: A Systematic Methodology for Assessing the Side-Channel Information Leakage of Cryptographic Implementations

ACM Transactions on Information and System Security (TISSEC)
Practical template-algebraic side channel attacks with extremely low data complexity

Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
Side channel analysis of the SHA-3 finalists

DATE '12 Proceedings of the Conference on Design, Automation and Test in Europe
A new model for error-tolerant side-channel cube attacks

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Algebraic side-channel attacks have been recently introduced as a powerful cryptanalysis technique against block ciphers. These attacks represent both a target algorithm and its physical information leakages as an overdefined system of equations that the adversary tries to solve. They were first applied to PRESENT because of its simple algebraic structure. In this paper, we investigate the extent to which they can be exploited against the AES Rijndael and discuss their practical specificities. We show experimentally that most of the intuitions that hold for PRESENT can also be observed for an unprotected implementation of Rijndael in an 8-bit controller. Namely, algebraic side-channel attacks can recover the AES master key with the observation of a single encrypted plaintext and they easily deal with unknown plaintexts/ciphertexts in this context. Because these attacks can take advantage of the physical information corresponding to all the cipher rounds, they imply that one cannot trade speed for code size (or gate count) without affecting the physical security of a leaking device. In other words, more intermediate computations inevitably leads to more exploitable leakages. We analyze the consequences of this observation on two different masking schemes and discuss its impact on other countermeasures. Our results exhibit that algebraic techniques lead to a new understanding of implementation weaknesses that is different than classical side-channel attacks.