Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher

  • Toshiki Nakasone
  • Yang Li
  • Yu Sasaki
  • Mitsugu Iwamoto
  • Kazuo Ohta
  • Kazuo Sakiyama
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7839)


In 2011, Li et al. proposed a series of side-channel attacks that are related to a fundamental side-channel leakage source called clockwise collision. This paper discloses the fact that hardware implementations of AES-based ciphers could have weak keys assuming that the leakage of clockwise collision is distinguishable. In order to explain this, we firstly set up an evaluation method by introducing a threshold-based distinguisher that takes an advantage of the locality of ElectroMagnetic (EM) measurements. Secondly, we discuss that the probability of clockwise collision depends on the key values and the byte positions in the AES states. Thirdly, based on practical EM measurements and mathematical analysis, we quantitatively evaluate the relationship between the probability of clockwise collision and the vulnerability to the side-channel attack. Finally, the discussion is extended to the design methodology of AES-based ciphers, i.e., the parameter selection for S-box and ShiftRows.


Side-channel attack Electromagnetic analysis Clockwise collision Weak key AES-based cipher 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  3. 3.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Trans. Computers 51(5), 541–552 (2002)MathSciNetGoogle Scholar
  7. 7.
    Messerges, T.S.: Using Second-Order Power Analysis to Attack DPA Resistant Software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-Channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Power and Electromagnetic Analysis: Improved Model, Consequences and Comparisons. Integration, the VLSI Journal 40(1), 52–60 (2007)CrossRefGoogle Scholar
  10. 10.
    Mateos, E., Gebotys, C.H.: Side Channel Analysis using Giant Magneto-Resistive (GMR) Sensors. In: Proc. of Second International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2011, pp. 42–49 (2011)Google Scholar
  11. 11.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Schramm, K., Wollinger, T., Paar, C.: A New Class of Collision Attacks and Its Application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Schramm, K., Leander, G., Felke, P., Paar, C.: A Collision-Attack on AES: Combining Side Channel- and Differential-Attack. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 163–175. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Bogdanov, A.: Improved Side-Channel Collision Attacks on AES. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 84–95. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-Enhanced Power Analysis Collision Attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Moradi, A.: Statistical Tools Flavor Side-Channel Collision Attacks. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 428–445. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Li, Y., Nakatsu, D., Li, Q., Ohta, K., Sakiyama, K.: Clockwise Collision Analysis – Overlooked Side-Channel Leakage Inside Your Measurements. Cryptology ePrint Archive, Report 2011/579 (2011),
  18. 18.
    Kirschbaum, M., Schmidt, J.-M.: Learning from Electromagnetic Emanations - A Case Study of iMDPL. In: Second International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2011, pp. 50–55 (2011)Google Scholar
  19. 19.
    Dehbaoui, A., Lomne, V., Maurine, P., Torres, L., Robert, M.: Enhancing Electromagnetic Attacks Using Spectral Coherence Based Cartography. In: Becker, J., Johann, M., Reis, R. (eds.) VLSI-SoC 2009. IFIP AICT, vol. 360, pp. 135–155. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Meynard, O., Réal, D., Flament, F., Guilley, S., Homma, N., Danger, J.-L.: Enhancement of Simple Electro-Magnetic Attacks by Pre-characterization in Frequency Domain and Demodulation Techniques. In: Proceedings of the Conference on Design, Automation and Test in Europe, DATE 2011, pp. 1004–1009. IEEE (2011)Google Scholar
  21. 21.
    Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29–40. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    National Institute of Advanced Industrial Science and Technology (AIST), Side-channel Attack Standard Evaluation Board (SASEBO),
  23. 23.
    Tohoku University, Cryptographic Hardware Project: Project Webpage,
  24. 24.
    Gueron, S.: Intel’s New AES Instructions for Enhanced Performance and Security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 51–66. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Toshiki Nakasone
    • 1
  • Yang Li
    • 1
  • Yu Sasaki
    • 2
  • Mitsugu Iwamoto
    • 1
  • Kazuo Ohta
    • 1
  • Kazuo Sakiyama
    • 1
  1. 1.Dept. of InformaticsThe University of Electro-CommunicationsChofuJapan
  2. 2.NTT Secure Platform LaboratoriesNTT CorporationMusashino-shiJapan

Personalised recommendations