A New Model for Error-Tolerant Side-Channel Cube Attacks

  • Zhenqi Li
  • Bin Zhang
  • Junfeng Fan
  • Ingrid Verbauwhede
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8086)


Side-channel cube attacks are a class of leakage attacks on block ciphers in which the attacker is assumed to have access to some leaked information on the internal state of the cipher as well as the plaintext/ciphertext pairs. The known Dinur-Shamir model and its variants require error-free data for at least part of the measurements. In this paper, we consider a new and more realistic model which can deal with the case when all the leaked bits are noisy. In this model, the key recovery problem is converted to the problem of decoding a binary linear code over a binary symmetric channel with the crossover probability which is determined by the measurement quality and the cube size. We use the maximum likelihood decoding method to recover the key. As a case study, we demonstrate efficient key recovery attacks on PRESENT. We show that the full 80-bit key can be restored with 210.2 measurements with an error probability of 19.4% for each measurement.


Side-channel attack Cube attack Decoding PRESENT 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumasson, J.-P., Dinur, I., Meier, W., Shamir, A.: Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 1–22. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Aumasson, J.-P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA implementations of high-dimensional cube testers on the stream cipher Grain-128. In: Special Purpose Hardware for Attacking Cryptographic Systems, SHARCS 2009 (2009)Google Scholar
  3. 3.
    Biryukov, A., De Cannière, C.: Block Ciphers and Systems of Quadratic Equations. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 274–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. Journal of Computer and System Sciences 47, 549–595 (1993)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Bogdanov, A., Knudsen, L., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Chung, S.-Y., Forney, G.D., Richardson, T., Urbanke, R.: On the design of low-density parity-check codes within 0.0045 dB of the Shannon limit. IEEE Communications Letters 5(2), 58–60 (2001)CrossRefGoogle Scholar
  7. 7.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Dinur, I., Shamir, A.: Breaking Grain-128 with Dynamic Cube Attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Dinur, I., Shamir, A.: Side Channel Cube Attacks on Block Ciphers. Cryptology ePrint Archive. Report 2009/127 (2009)Google Scholar
  11. 11.
    Dinur, I., Shamir, A.: Generic Analysis of Small Cryptographic Leaks. In: 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 39–48 (2010)Google Scholar
  12. 12.
    Dinur, I., Shamir, A.: Applying cube attacks to stream ciphers in realistic scenarios. Cryptography and Communications (4), 217–232 (2012)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Farebrother, R.W.: Linear Least Squares Computations. STATISTICS: Textbooks and Monographs (1988) ISBN 978-0-8247-7661-9Google Scholar
  14. 14.
    Gallager, R.G.: Low-density parity-check codes. IRE Transactions on Information Theory 8(1), 21–28 (1962)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Bard, G.V., Courtois, N.T., Nakahara Jr., J., Sepehrdad, P., Zhang, B.: Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 176–196. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  17. 17.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.
    Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. Communications and Cryptography: Two Sides of One Tapestry, 227 (1994)CrossRefGoogle Scholar
  19. 19.
    Yang, L., Wang, M., Qiao, S.: Side Channel Cube Attack on PRESENT. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 379–391. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Luby, M.G., Mitzenmacher, M., Shokrollahi, M.A., Spielman, D.A.: Efficient erasure correcting codes. IEEE Transactions on Information Theory 47(2), 569–584 (2001)MathSciNetCrossRefGoogle Scholar
  21. 21.
    MacKay, D.: Good error correcting codes based on very sparse matrices. IEEE Transactions on Information Theory 45(2), 399–431 (1999)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  23. 23.
    Oren, Y., Kirschbaum, M., Popp, T., Wool, A.: Algebraic Side-Channel Analysis in the Presence of Errors. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 428–442. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Quisquater, J.J., Samyde, D.: A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions: the SEMA and DEMA methods[EB/OL]. In: Eurocrypt Rump Session (2000)Google Scholar
  25. 25.
    Renauld, M., Standaert, F.-X.: Algebraic Side-Channel Attacks, Cryptology ePrint Archive, report 2009/179 (2009),
  26. 26.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: Why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  27. 27.
    Shekh Faisal, A.-L., Mohammad, R.R., Willy, S., Jennifer, S.: Extended Cubes: Enhancing the cube attack by Extracting Low-Degree Non-linear Equations. In: Bruce, C., Lucas, C.K.H., Ravi, S., Duncan, S. (eds.) ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 296–305 (2011)Google Scholar
  28. 28.
    Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Transactions on Computers C-34, 81–85 (1985)CrossRefGoogle Scholar
  29. 29.
    Vielhaber, M.: Breaking ONE.TRIVIUM by AIDA and Algebraic IV Differential Attack. IACR Cryptology ePrint Archive, 413 (2007)Google Scholar
  30. 30.
    Vielhaber, M.: AIDA Breaks (BIVIUM A and B) in 1 Minute Dual Core CPU Time. IACR Cryptology ePrint Archive, 402 (2009)Google Scholar
  31. 31.
    Wiberg, N.: Codes and decoding on general graphs. Ph.D. dissertation. Link\(\ddot{o}\)ping University, Link\(\ddot{o}\)ping, Sweden (1996) Google Scholar
  32. 32.
    Zhao, X.J., Wang, T., Guo, S.Z.: Improved Side Channel Cube Attacks on PRESENT. Cryptology ePrint Archive. Report 2011/165 (2011)Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Zhenqi Li
    • 1
  • Bin Zhang
    • 2
  • Junfeng Fan
    • 3
  • Ingrid Verbauwhede
    • 3
  1. 1.IOSChinese Academy of SciencesBeijingChina
  2. 2.State Key Laboratory of Information Security, IIEChinese Academy of SciencesBeijingChina
  3. 3.ESAT SCD/COSICKatholieke Universiteit LeuvenBelgium

Personalised recommendations