Advertisement

Entropy Reduction for the Correlation-Enhanced Power Analysis Collision Attack

  • Andreas Wiemers
  • Dominik Klein
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11049)

Abstract

Side Channel Attacks are an important attack vector on secure AES implementations. The Correlation-Enhanced Power Analysis Collision Attack by Moradi et al. [MME10] is a powerful collision attack that exploits leakage caused by collisions in between S-Box computations of AES. The attack yields observations from which the AES key can be inferred. Due to noise, an insufficient number of collisions, or errors in the measurement setup, the attack does not find the correct AES key uniquely in practice, and it is unclear how to determine the key in such a scenario. Based on a theoretical analysis on how to quantify the remaining entropy, we derive a practical search algorithm. Both our theoretical analysis and practical experiments show that even in a setting with high noise or few available traces we can either successfully recover the full AES key or reduce its entropy significantly.

Notes

Acknowledgements

We would like to thank Sven Freud for creating the circuit board for power analysis, and Tobias Senger for his help with implementing the masking scheme. We also thank the anonymous reviewers for their helpful comments.

References

  1. [AARR03]
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36400-5_4CrossRefGoogle Scholar
  2. [AG01]
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44709-1_26CrossRefGoogle Scholar
  3. [BCO04]
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28632-5_2CrossRefGoogle Scholar
  4. [Bog08]
    Bogdanov, A.: Multiple-differential side-channel collision attacks on AES. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 30–44. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85053-3_3CrossRefGoogle Scholar
  5. [Can05]
    Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005).  https://doi.org/10.1007/11545262_32CrossRefGoogle Scholar
  6. [CB08]
    Canright, D., Batina, L.: A very compact “Perfectly Masked” S-box for AES. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 446–459. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68914-0_27CrossRefGoogle Scholar
  7. [CFG+11]
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved collision-correlation power analysis on first order protected AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 49–62. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-23951-9_4CrossRefGoogle Scholar
  8. [CRR03]
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36400-5_3CrossRefGoogle Scholar
  9. [GGP+15]
    Glowacz, C., Grosso, V., Poussier, R., Schüth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 117–129. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48116-5_6CrossRefGoogle Scholar
  10. [GMO01]
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44709-1_21CrossRefGoogle Scholar
  11. [KJJ99]
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_25CrossRefGoogle Scholar
  12. [Koc96]
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996).  https://doi.org/10.1007/3-540-68697-5_9CrossRefGoogle Scholar
  13. [LMV04]
    Ledig, H., Muller, F., Valette, F.: Enhancing collision attacks. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 176–190. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28632-5_13CrossRefGoogle Scholar
  14. [MME10]
    Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15031-9_9CrossRefGoogle Scholar
  15. [MMOS16]
    Martin, D.P., Mather, L., Oswald, E., Stam, M.: Characterisation and estimation of the key rank distribution in the context of side channel evaluations. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 548–572. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_20CrossRefzbMATHGoogle Scholar
  16. [MOOS15]
    Martin, D.P., O’Connell, J.F., Oswald, E., Stam, M.: Counting Keys in Parallel After a Side Channel Attack. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 313–337. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48800-3_13CrossRefzbMATHGoogle Scholar
  17. [MS16]
    Moradi, A., Standaert, F.: Moments-correlating DPA. In: Proceedings of 2016 TIS SEC Workshop, pp. 5–15 (2016)Google Scholar
  18. [Nat01]
    National Institute of Standards and Technology: FIPS PUB 197. Advanced Encryption Standard, Technical report (2001)Google Scholar
  19. [QS01]
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45418-7_17CrossRefzbMATHGoogle Scholar
  20. [SLFP04]
    Schramm, K., Leander, G., Felke, P., Paar, C.: A collision-attack on AES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 163–175. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28632-5_12CrossRefzbMATHGoogle Scholar
  21. [SWP03]
    Schramm, K., Wollinger, T., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-39887-5_16CrossRefGoogle Scholar
  22. [VCGRS13]
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-35999-6_25CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Bundesamt für Sicherheit in der Informationstechnik (BSI)BonnGermany

Personalised recommendations