A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
An AES smart card implementation resistant to power analysis attacks
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
An efficient masking scheme for AES software implementations
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Multiple-Differential Side-Channel Collision Attacks on AES
CHES '08 Proceedings of the 10th international workshop on Cryptographic Hardware and Embedded Systems
Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Analysis of the split mask countermeasure for embedded systems
WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
Improved trace-driven cache-collision attacks against embedded AES implementations
WISA'10 Proceedings of the 11th international conference on Information security applications
Algebraic side-channel attacks
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Improved collision-correlation power analysis on first order protected AES
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Meet-in-the-middle and impossible differential fault analysis on AES
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Fresh re-keying II: securing multiple parties against side-channel and fault attacks
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Overcoming significant noise: correlation-template-induction attack
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Statistical tools flavor side-channel collision attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Unified and optimized linear collision attacks and their application in a non-profiled setting
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Key-Dependent weakness of AES-Based ciphers under clockwise collision distinguisher
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Cryptoanalysis and improvement of smart prepayment meter protocol in standard Q/GDW 365
International Journal of Grid and Utility Computing
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
First-order collision attack on protected NTRU cryptosystem
Microprocessors & Microsystems
Side-channel collision attacks were proposed in [1] and applied to AES in [2]. These are based on detecting collisions in certain positions of the internal state after the first AES round across different executions of the algorithm. That attack needs about 40 measurements and 512 MB of precomputed values, and it requires chosen plaintexts. In this paper we show how to mount a collision attack on AES using only 6 measurements and about 2^37.15 offline computational steps, succeeding with a probability of about 0.85. Another attack uses only 7 measurements and recovers the full encryption key with an offline complexity of about 2^34.74 and a probability of 0.99. All our attacks require only a negligible amount of memory and work in the known-plaintext model. This becomes possible by considering collisions in the S-box layers both across different AES executions and within the same AES run. All the attacks work under the assumption that one-byte collisions are detectable.