Differential Bias Attack for Block Cipher Under Randomized Leakage with Key Enumeration

  • Haruhisa Kosuge
  • Hidema Tanaka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10239)


In the formal analysis of side-channel attacks, a theoretical model of the side-channel information (a leakage model) is assumed and attacks dedicated to that model are considered. At ASIACRYPT 2015, Bogdanov and Isobe proposed a new leakage model for the analysis of block ciphers: the adversary obtains leaked values taken from internal results, but the positions of those values are unknown and randomly chosen (the random leakage model). They also proposed an attack for this model, the differential bias attack. This paper improves the security analysis of AES under the random leakage model. The previous method requires at least \(2^{34}\) chosen plaintexts, so recovering the secret key from a small amount of data is infeasible with it. However, there may be an adversary who can compensate for scarce data with computing power. To assess security against such an adversary, we re-estimate the complexity of an attack given only a small number of data. We propose another hypothesis-testing method which minimizes the number of required data. The re-estimated complexity shows that, because of the time-data tradeoff, the proposed method requires time complexity \(T>2^{60}\); some attacks are nevertheless feasible under \(T\le 2^{80}\). In addition, we apply key enumeration to the differential bias attack and evaluate its efficiency by rank estimation. Experimental evaluation shows that the success rate of the attack can be practical if there is an advantageous restriction on the positions of the leaked values.
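The abstract applies key enumeration to the differential bias attack and evaluates it by rank estimation. The block below is an added example, not code from the paper, of what a rank estimation computes: given a score for every candidate of each independent subkey, how many full keys score at least as well as the correct one. It uses the histogram-convolution idea of the cited FSE 2015 and CHES 2016 rank-estimation papers in simplified form. The key size (four 4-bit subkeys), the bin widths and the score vectors are constructed assumptions, chosen small enough that the exact rank can also be brute-forced for comparison; nothing here comes from measured leakage.

```python
"""Rank estimation for a divide-and-conquer side-channel key recovery.

Added example (not code from the paper). The attack is assumed to yield a
score, here a log2-probability, for every candidate value of each independent
subkey; the rank of the correct full key is the number of full keys whose
summed score is at least as good. For a toy key (four 4-bit subkeys) the rank
can be computed exactly; the histogram method bounds it without enumeration.
"""
import math
import random
from itertools import product


def exact_rank(scores, key):
    """Rank = 1 + number of full keys with a strictly higher total score.

    Brute force over every combination; only feasible for toy key sizes.
    """
    target = sum(s[k] for s, k in zip(scores, key))
    better = 0
    for cand in product(*[range(len(s)) for s in scores]):
        if sum(s[k] for s, k in zip(scores, cand)) > target:
            better += 1
    return better + 1


def histogram_rank_bounds(scores, key, bin_width):
    """Histogram-based rank bounds (lower, upper).

    Each subkey's scores are quantised into bins of width bin_width; the
    convolution of the d per-subkey histograms counts full keys per summed
    bin index. A key whose summed bin is >= star + d is certainly better than
    the correct key and one whose summed bin is <= star - d is certainly
    worse, so the bounds are exact up to the d-bin quantisation slack.
    """
    d = len(scores)
    conv, offset = None, 0
    for s in scores:
        bins = [math.floor(v / bin_width) for v in s]
        lo = min(bins)
        hist = [0] * (max(bins) - lo + 1)
        for b in bins:
            hist[b - lo] += 1
        if conv is None:
            conv, offset = hist, lo
            continue
        merged = [0] * (len(conv) + len(hist) - 1)
        for i, a in enumerate(conv):
            if a:
                for j, b in enumerate(hist):
                    merged[i + j] += a * b
        conv, offset = merged, offset + lo
    star = sum(math.floor(s[k] / bin_width) for s, k in zip(scores, key))

    def keys_with_bin_at_least(threshold):
        return sum(c for i, c in enumerate(conv) if i + offset >= threshold)

    lower = keys_with_bin_at_least(star + d) + 1   # certainly-better keys, plus one
    upper = keys_with_bin_at_least(star - d + 1)   # includes the correct key itself
    return lower, upper


def constructed_scores(key, n_candidates=16, seed=2017):
    """Constructed per-subkey score vectors standing in for an attack's output.

    Not measured leakage: seeded random weights with a moderate bias toward
    the correct candidate, normalised and converted to log2-probabilities.
    """
    rng = random.Random(seed)
    scores = []
    for k_star in key:
        weights = [rng.uniform(0.05, 1.0) for _ in range(n_candidates)]
        weights[k_star] += 1.5
        total = sum(weights)
        scores.append([math.log2(w / total) for w in weights])
    return scores


if __name__ == "__main__":
    key = (3, 14, 7, 0)                       # assumed correct subkeys (toy)
    scores = constructed_scores(key)
    r = exact_rank(scores, key)
    for width in (0.5, 0.1, 0.02):
        lo, hi = histogram_rank_bounds(scores, key, width)
        print(f"bin width {width}: rank in [{lo}, {hi}], exact rank {r}")
```

Narrower bins shrink the slack between the two bounds at the cost of a longer convolution; for a 128-bit key split into 16 bytes the exact enumeration is out of reach, and the bounds are what an evaluation reports (typically as log2 of the rank) for the time an enumerating adversary would need.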


Keywords: Block cipher, Side-channel attack, Formal security analysis, Leakage model, AES, Differential bias attack, Key enumeration, Rank estimation


References

  1. Bernstein, D.J., Lange, T., van Vredendaal, C.: Tighter, faster, simpler side-channel security evaluations beyond computing power. Cryptology ePrint Archive, report 2015/221 (2015)
  2. Bogdanov, A., Isobe, T.: How secure is AES under leakage. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 361–385. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48800-3_15
  3. Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 310–327. Springer, Cham (2016). doi: 10.1007/978-3-319-31301-6_19
  4. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). doi: 10.1007/3-540-36400-5_3
  5. David, L., Wool, A.: A bounded-space near-optimal key enumeration algorithm for multi-dimensional side-channel attacks. Cryptology ePrint Archive, report 2015/1236 (2015)
  6. Dinur, I., Shamir, A.: Side channel cube attacks on block ciphers. Cryptology ePrint Archive, report 2009/127 (2009)
  7. Doget, J., Prouff, E., Rivain, M., Standaert, F.X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)
  8. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46800-5_16
  9. Fluhrer, S.R., McGrew, D.A.: Statistical analysis of the alleged RC4 keystream generator. In: Goos, G., Hartmanis, J., Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 19–30. Springer, Heidelberg (2001). doi: 10.1007/3-540-44706-7_2
  10. Glowacz, C., Grosso, V., Poussier, R., Schüth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 117–129. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48116-5_6
  11. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_27
  12. Kleinjung, T., Lenstra, A.K., Page, D., Smart, N.P.: Using the cloud to determine key strengths. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 17–39. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34931-7_3
  13. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_25
  14. Mantin, I.: Predicting and distinguishing attacks on RC4 keystream generator. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 491–506. Springer, Heidelberg (2005). doi: 10.1007/11426639_29
  15. Manzoor, K., et al.: Efficient practical key recovery for side-channel attacks. Master's thesis, Aalto University, June 2014
  16. Martin, D.P., O'Connell, J.F., Oswald, E., Stam, M.: Counting keys in parallel after a side channel attack. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 313–337. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48800-3_13
  17. Poussier, R., Standaert, F.-X., Grosso, V.: Simple key enumeration (and rank estimation) using histograms: an integrated approach. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 61–81. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53140-2_4
  18. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04138-9_8
  19. Schramm, K., Wollinger, T., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-39887-5_16
  20. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-35999-6_25
  21. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_8
  22. Wald, A.: Sequential tests of statistical hypotheses. In: Kotz, S., Johnson, N.L. (eds.) Breakthroughs in Statistics, pp. 256–298. Springer, Heidelberg (1992)

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. National Defense Academy of Japan, Yokosuka, Japan
