
Quadrivariate Improved Blind Side-Channel Analysis on Boolean Masked AES

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10815))

Abstract

Previous blind side-channel analyses have been proposed to recover a block cipher secret key while neither the plaintext nor the ciphertext is available to the attacker. A recent improvement has been proposed that deals with several first-order Boolean masking schemes. Unfortunately, the proposed attacks only work if at least two intermediate states that involve the same key byte are protected by the same mask. In this paper we describe a quadrivariate analysis which involves a pair of key bytes and makes it possible to threaten improved Boolean masked implementations where all masks on the inputs of AddRoundKey, SubBytes and MixColumns (respectively \(r_m\), \(r_x\) and \(r_y\)) related to the same key byte are independent.

Our attack comes in two flavors: in the first variant the attacker learns Hamming distances between pairs of expanded key bytes of their choice, while in the second variant they learn whether two pairs of expanded key bytes share the same unknown Hamming distance. We provide an analysis and simulation results which demonstrate that the ciphering key can be recovered in both settings.


Notes

  1. An m-x attack – respectively an m-y or m-x-y attack – is one that is based on the joint distribution of \(({{\mathrm{HW}}}(m),{{\mathrm{HW}}}(x))\) – respectively on the joint distribution of \(({{\mathrm{HW}}}(m),{{\mathrm{HW}}}(y))\) or of \(({{\mathrm{HW}}}(m),{{\mathrm{HW}}}(x),{{\mathrm{HW}}}(y))\). With this notation, Linge’s first blind side-channel analysis was an m-y attack.

  2. In that case, the distributions show linear structures like “walls”.

  3. Later, we show how to detect small errors. Once detected, erroneous Hamming distances can simply be ignored.

  4. Or only the mask couple \((r_m,r_x)_{10}\) for \(K_{10}\).

  5. The leakage function does not even need to be a linear function of the Hamming weights. It must, however, be the same in the target areas of all key bytes.

References

  1. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

  2. Clavier, C., Marion, D., Wurcker, A.: Simple power analysis on AES key expansion revisited. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 279–297. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_16

  3. Clavier, C., Reynaud, L.: Improved blind side-channel analysis by exploitation of joint distributions of leakages. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 24–44. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_2

  4. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85053-3_27

  5. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

  6. Le Bouder, H.: Un formalisme unifiant les attaques physiques sur circuits cryptographiques et son exploitation afin de comparer et rechercher de nouvelles attaques. Ph.D. thesis, École Nationale Supérieure des Mines de Saint-Étienne (2014)

  7. Linge, Y., Dumas, C., Lambert-Lacroix, S.: Using the joint distributions of a cryptographic function in side channel analysis. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 199–213. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10175-0_14

  8. VanLaven, J., Brehob, M., Compton, K.J.: A computationally feasible SPA attack on AES via optimized search. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IAICT, vol. 181, pp. 577–588. Springer, Boston, MA (2005). https://doi.org/10.1007/0-387-25660-1_38

Author information

Corresponding author: Christophe Clavier.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Clavier, C., Reynaud, L., Wurcker, A. (2018). Quadrivariate Improved Blind Side-Channel Analysis on Boolean Masked AES. In: Fan, J., Gierlichs, B. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2018. Lecture Notes in Computer Science(), vol 10815. Springer, Cham. https://doi.org/10.1007/978-3-319-89641-0_9

  • DOI: https://doi.org/10.1007/978-3-319-89641-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-89640-3

  • Online ISBN: 978-3-319-89641-0

  • eBook Packages: Computer Science (R0)
