Using the Joint Distributions of a Cryptographic Function in Side Channel Analysis

  • Yanis LingeEmail author
  • Cécile Dumas
  • Sophie Lambert-Lacroix
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8622)


The Side Channel Analysis is now a classic way to retrieve a secret key in the smart-card world. Unfortunately, most of the ensuing attacks require the plaintext or the ciphertext used by the embedded algorithm. In this article, we present a new method for exploiting the leakage of a device without this constraint. Our attack is based on a study of the leakage distribution of internal data of a cryptographic function and can be performed not only at the beginning or the end of the algorithm, but also at every instant that involves the secret key. This paper focuses on the distribution study and the resulting attack. We also propose a way to proceed in a noisy context using smart distances. We validate our proposition by practical results on an AES128 software implemented on a ATMega2561 and on the DPAContest v4 [32].


AES software Power analysis Side-channel attacks Smart-card Statistical attack DPAContest V4 



We would like to thank Victor Lomné for providing us traces and suggestions. We are also grateful to Thomas Roche and Christophe Giraud for their reviews and helpful comments.


  1. 1.
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  2. 2.
    Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  3. 3.
    Bogdanov, A.: Improved side-channel collision attacks on AES. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 84–95. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  4. 4.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  5. 5.
    Cha, S.-H.: Comprehensive survey on distance/similarity measures between probability density functions. Int. J. Math. Models Methods Appl. Sci. 1(4), 300–307 (2007)MathSciNetGoogle Scholar
  6. 6.
    Chari, S., Rao, J., Rohatgi, P.: Template attack. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  7. 7.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved collision-correlation power analysis on first order protected AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 49–62. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  8. 8.
    Daemen, J., Rijmen, V.: AES proposal: Rijndael (1998)Google Scholar
  9. 9.
    Debraize, B.: Efficient and provably secure methods for switching from arithmetic to boolean masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 107–121. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis - a generic side-channel distinguisher. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  11. 11.
    Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates vs. stochastic methods. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 15–29. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  12. 12.
    Goubin, L., Patarin, J.: DES and differential power analysis - The duplication method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  13. 13.
    Joye, M., Paillier, P., Schoenmakers, B.: On second-order differential power analysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 293–308. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  14. 14.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  15. 15.
    Le, T.-H., Clédière, J., Servière, C., Lacoume, J.-L.: Noise reduction in side channel attack using fourth-order cumulant. IEEE Trans. Inf. Forensics Secur. 2(4), 710–720 (2007)CrossRefGoogle Scholar
  16. 16.
    Lerman, L., Medeiros, S.F., Veshchikov, N., Meuter, C., Bontempi, G., Markowitch, O.: Semi-supervised template attack. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 184–199. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  17. 17.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attack - Revealing the Secret of Smart Cards. Springer, Heidelberg (2007)Google Scholar
  18. 18.
    Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  19. 19.
    Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  20. 20.
    Oswald, E., Mangard, S., Pramstaller, N.: Secure and efficient masking of AES - A mission impossible? Cryptology ePrint Archive, Report 2004/134.
  21. 21.
    Oren, Y., Kirschbaum, M., Popp, T., Wool, A.: Algebraic side-channel analysis in the presence of errors. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 428–442. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  22. 22.
    Oren, Y., Wool, A.: Tolerant algebraic side-channel analysis of AES. Cryptology ePrint Archive, report 2012/092.
  23. 23.
    Rivain, M.: On the physical security of cryptographic implementations. Ph.D. thesis, University of Luxembourg (2009)Google Scholar
  24. 24.
    Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: DATE 2012, 1173–1178 (2012)Google Scholar
  25. 25.
    Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  26. 26.
    Renauld, M., Standaert. F-X.: Algebraic side-channel attacks. Cryptology ePrint Archive, report 2009/279.
  27. 27.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  28. 28.
    Saied Emam Mohamed, M., Bulygin, S., Zohner, M., Heuser, A., Walter, M.: Improved algebraic side-channel attack on AES. Cryptology ePrint Archive, report 2012/084.
  29. 29.
    Schramm, K., Wollinger, T., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  30. 30.
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  31. 31.
    Federal Information Processing. Data Encryption Standard. Standards Publication 46-1 National Technical Information Service, U.S. Dept. of Commerce (1977)Google Scholar
  32. 32.
  33. 33.
    EMVCo EMV Integrated Circuit Card Specifications for Payment Systems, Book 2, Security and Key Management, Version 4.3, November 2011Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yanis Linge
    • 1
    • 2
    Email author
  • Cécile Dumas
    • 1
  • Sophie Lambert-Lacroix
    • 2
  1. 1.CEA-LETI/MINATECGrenoble Cedex 9France
  2. 2.UJF-Grenoble 1/CNRS/UPMF/TIMC-IMAG UMR 5525GrenobleFrance

Personalised recommendations