CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Introduction to Information Retrieval
Introduction to Information Retrieval
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A simple power-analysis (SPA) attack on implementations of the AES key expansion
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Algebraic side-channel analysis in the presence of errors
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Algebraic side-channel attacks
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
A formal study of power variability issues and side-channel attacks for nanoscale devices
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Practical template-algebraic side channel attacks with extremely low data complexity
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
Semi-Supervised template attack
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
On the effectiveness of the remanence decay side-channel to clone memory-based PUFs
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity. In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations. A primary limitation of the ASCA method is the way it tolerates errors. If the correct key is excluded from the system of equations due to noise in the measurements, the attack will fail. On the other hand, if the DUT is described in a more robust manner to better tolerate errors, the loss of information may make computation time intractable. In this paper, we first show how this robustness-information tradeoff can be simplified by using an optimizer, which exploits the probability data output by a side-channel decoder, instead of a standard SAT solver. For this purpose, we describe a way of representing the leak equations as vectors of aposteriori probabilities, enabling a natural integration of template attacks and ASCA. Next, we put forward the applicability of ASCA against devices which do not conform to simple leakage models (e.g. based on the Hamming weight of the manipulated data). We finally report on various experiments that illustrate the strengths and weaknesses of standard and optimizing solvers in various settings, hence demonstrating the versatility of ASCA.