Quadrivariate Improved Blind Side-Channel Analysis on Boolean Masked AES

  • Christophe Clavier
  • Léo Reynaud
  • Antoine Wurcker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10815)


Previous blind side-channel analyses have been proposed to recover a block cipher secret key while neither the plaintext nor the ciphertext is available to the attacker. A recent improvement has been proposed that deals with several first-order Boolean masking schemes. Unfortunately, the proposed attacks only work if at least two intermediate states that involve the same key byte are protected by the same mask. In this paper we describe a quadrivariate analysis which involves a pair of key bytes and makes it possible to threaten improved Boolean masked implementations where all masks on the inputs of AddRoundKey, SubBytes and MixColumns (respectively \(r_m\), \(r_x\) and \(r_y\)) related to the same key byte are independent.

Our attack comes in two flavors: in the first variant the attacker learns Hamming distances between pairs of expanded key bytes of his choice, while in the other variant he learns whether two pairs of expanded key bytes share the same unknown Hamming distance. We provide an analysis and simulation results which demonstrate that the ciphering key can be recovered in both settings.
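A small added check, written for this page and not code from the paper, that models the masking setting the abstract describes for a single key byte. It assumes a Hamming-weight leakage model (the abstract does not state one) and reads the three masked states as p ^ r_m at the AddRoundKey input, (p ^ k) ^ r_x at the SubBytes input and S(p ^ k) ^ r_y at the MixColumns input; the names `masked_states`, `joint_hw_distribution`, `marginal` and `masking_leaks_key_byte` are chosen here. It computes the exact joint distribution of the three leakages and shows that when one mask is reused across the states (the condition the earlier blind attacks rely on) the joint distribution depends on the key byte even though each marginal does not, whereas with independent r_m, r_x, r_y the joint distribution of these three states is key-independent, which is the case the abstract's quadrivariate analysis addresses.

```python
from collections import Counter

# --- AES S-box, generated rather than tabulated (standard AES, nothing paper-specific) ---

def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(a):
    """Multiplicative inverse (0 maps to 0) followed by the AES affine map."""
    inv = 0
    if a:
        inv = 1
        for _ in range(254):          # a^254 == a^-1 in GF(2^8)
            inv = _gmul(inv, a)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]

def hw(x):
    """Hamming weight: the leakage model assumed here (an assumption, not stated by the abstract)."""
    return bin(x).count("1")

def masked_states(p, k, r_m, r_x, r_y):
    """The three masked values a first-order Boolean masked implementation handles for one byte:
    AddRoundKey input p ^ r_m, SubBytes input (p ^ k) ^ r_x, MixColumns input S(p ^ k) ^ r_y.
    This one-byte model is our reading of the abstract, not the paper's own description."""
    return p ^ r_m, (p ^ k) ^ r_x, SBOX[p ^ k] ^ r_y

def joint_hw_distribution(k, shared_mask):
    """Exact joint distribution of (HW(m), HW(x), HW(y)) over a uniform plaintext byte and masks.
    shared_mask=True reuses one mask r for all three states (the condition the earlier blind
    attacks need); shared_mask=False draws r_m, r_x, r_y independently."""
    counts = Counter()
    for p in range(256):
        if shared_mask:
            for r in range(256):
                m, x, y = masked_states(p, k, r, r, r)
                counts[(hw(m), hw(x), hw(y))] += 1
        else:
            # With independent masks the three states are mutually independent for a fixed p,
            # so the joint histogram is the product of the three marginal histograms.
            h_m = Counter(hw(p ^ r) for r in range(256))
            h_x = Counter(hw((p ^ k) ^ r) for r in range(256))
            h_y = Counter(hw(SBOX[p ^ k] ^ r) for r in range(256))
            for a, ca in h_m.items():
                for b, cb in h_x.items():
                    for c, cc in h_y.items():
                        counts[(a, b, c)] += ca * cb * cc
    total = sum(counts.values())
    return {abc: n / total for abc, n in counts.items()}

def marginal(dist, idx):
    """Distribution of one state's Hamming weight alone, read off the joint distribution."""
    out = Counter()
    for abc, pr in dist.items():
        out[abc[idx]] += pr
    return dict(out)

def masking_leaks_key_byte(shared_mask, keys=(0x00, 0x0F, 0xFF)):
    """True when the joint leakage distribution depends on the key byte, i.e. a
    distribution-based (blind) analysis of a single key byte has something to exploit."""
    dists = [joint_hw_distribution(k, shared_mask) for k in keys]
    return any(d != dists[0] for d in dists[1:])

if __name__ == "__main__":
    print("shared mask : joint distribution depends on key byte:", masking_leaks_key_byte(True))
    print("independent : joint distribution depends on key byte:", masking_leaks_key_byte(False))
```

An evaluator of a real implementation would replace `masked_states` with the actual mask assignment of the code under test; the product shortcut in the independent case is exact because, for a fixed plaintext byte, the three states are independent uniform bytes.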


Keywords: Unknown plaintext, Joint distributions, Maximum likelihood, Boolean masking



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Université de Limoges, XLIM-CNRS, Limoges, France
  2. eshard, Martillac, France
