Pragmatism vs. Elegance: Comparing Two Approaches to Simple Power Attacks on AES

  • Valentina BanciuEmail author
  • Elisabeth Oswald
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8622)


Simple side-channel attacks trade off data complexity (i.e. the number of side-channel observations needed for a successful attack) with computational complexity (i.e. the number of operations applied to the side-channel traces). In the specific example of Simple Power Analysis (SPA) attacks on the Advanced Encryption Standard (AES), two approaches can be found in the literature, one which is a pragmatic approach that involves basic techniques such as efficient enumeration of key candidates, and one that is seemingly more elegant and uses algebraic techniques. Both of these different techniques have been used in complementary settings: the pragmatic attacks were solely applied to the key schedule whereas the more elegant methods were only applied to the encryption rounds. In this article, we investigate how these methods compare in what we consider to be a more practical setting in which adversaries gain access to erroneous information about both key schedule and encryption rounds. We conclude that the pragmatic enumeration technique better copes with erroneous information which makes it more interesting in practice.



Valentina Banciu has been supported by EPSRC via grant EP/H049606/1. Elisabeth Oswald has been supported in part by EPSRC via grant EP/I005226/1.

Supplementary material


  1. 1.
    Bard, G.V., Courtois, N., Jefferson, C.: Efficient methods for conversion and solution of sparse systems of low-degree multivariate polynomials over GF(2) via SAT-solvers. IACR Cryptol. ePrint Arch. 2007, 24 (2007)Google Scholar
  2. 2.
    Carlet, C., Faugère, J.-C., Goyet, C., Renault, G.: Analysis of the algebraic side channel attack. J. Cryptogr. Eng. 2(1), 45–62 (2012)CrossRefGoogle Scholar
  3. 3.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. IACR Cryptol. ePrint Arch. 2002, 44 (2002)Google Scholar
  4. 4.
    Creignou, N., Daude, H.: Satisfiability threshold for random XOR-CNF formulas. Discrete Appl. Math. 96, 41–53 (1999)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Daemen, J., Rijmen, V.: AES proposal: Rijndael. In: First Advanced Encryption Standard (AES) Conference (1998)Google Scholar
  6. 6.
    Gligoroski, D., Moe, M.E.: On deviations of the AES S-box when represented as vector valued Boolean function. Int. J. Comput. Sci. Netw. Secur. 7(4), 156–163 (2007)Google Scholar
  7. 7.
    Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  8. 8.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  9. 9.
    Mangard, S.: A simple power-analysis (SPA) attack on implementations of the AES key expansion. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 343–358. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  10. 10.
    Mohamed, M.S.E., Bulygin, S., Zohner, M., Heuser, A., Walter, M., Buchmann, J.: Improved algebraic side-channel attack on AES. In: HOST, pp. 146–151 (2012)Google Scholar
  11. 11.
    Oren, Y., Kirschbaum, M., Popp, T., Wool, A.: Algebraic side-channel analysis in the presence of errors. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 428–442. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  12. 12.
    Oren, Y., Renauld, M., Standaert, F.-X., Wool, A.: Algebraic side-channel attacks beyond the hamming weight leakage model. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 140–154. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  13. 13.
    Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 393–410. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  14. 14.
    Renauld, M., Standaert, F.-X.: Combining algebraic and side-channel cryptanalysis against block ciphers. In: 30-th Symposium on Information Theory in the Benelux (2009)Google Scholar
  15. 15.
    Renauld, M., Standaert, F.-X.: Representation-, leakage- and cipher- dependencies in algebraic side-channel attacks. In: Industrial track of ACNS 2010 (2010)Google Scholar
  16. 16.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  17. 17.
    Zhao, X., Zhang, F., Guo, S., Wang, T., Shi, Z., Liu, H., Ji, K.: MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 231–248. Springer, Heidelberg (2012) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations