Logical Cryptanalysis as a SAT Problem
Journal of Automated Reasoning
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Aiding side-channel attacks on cryptographic software with satisfiability-based analysis
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Algebraic and Slide Attacks on KeeLoq
Fast Software Encryption
On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Nonlinear Pseudo-Boolean Optimization: Relaxation or Propagation?
SAT '09 Proceedings of the 12th International Conference on Theory and Applications of Satisfiability Testing
Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A simple power-analysis (SPA) attack on implementations of the AES key expansion
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
A formal study of power variability issues and side-channel attacks for nanoscale devices
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Cold boot key recovery by solving polynomial systems with noise
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Fresh re-keying II: securing multiple parties against side-channel and fault attacks
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Algebraic side-channel attacks beyond the hamming weight leakage model
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Practical template-algebraic side channel attacks with extremely low data complexity
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
A new model for error-tolerant side-channel cube attacks
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
Measurement errors make power analysis attacks difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable since they require many (typically thousands) of traces. Recently it was suggested by [18] to use algebraic methods for the single-trace scenario, converting the key recovery problem into a Boolean satisfiability (SAT) problem, then using a SAT solver. However, this approach is extremely sensitive to noise (allowing an error rate of well under 1% at most), and the question of its practicality remained open. In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. The PBOPT instance can then be solved using a suitable optimization problem solver. The PBOPT syntax provides for a more expressive input specification which allows a very natural representation of measurement errors. Most importantly, we show that using our approach we are able to mount successful and efficient single-trace attacks even in the presence of realistic error rates of 10%-20%. We call our new attack methodology Tolerant Algebraic Side-Channel Analysis (TASCA). We show practical attacks on two real ciphers: Keeloq and AES.