Towards Easy Key Enumeration

Key enumeration solutions are post-processing schemes for the output sequences of side channel distinguishers, the application of which are prevented by very large key candidate space and computation power requirements. The attacker may spend several days or months to enumerate a huge key space (e.g. 2). In this paper, we aim at preprocessing and reducing the key candidate space by deleting impossible key candidates before enumeration. A new distinguisher named Group Collision Attack (GCA) is given. Moreover, we introduce key verification into key recovery and a new divide and conquer strategy named Key Grouping Enumeration (KGE) is proposed. KGE divides the huge key space into several groups and uses GCA to delete impossible key combinations and output possible ones in each group. KGE then recombines the remaining key candidates in each group using verification. The number of remaining key candidates becomes much smaller through these two impossible key candidate deletion steps with a small amount of computation. Thus, the attacker can use KGE as a pre-processing tool of key enumeration and enumerate the key more easily and fast in a much smaller candidate space.

[1]  Jerry den Hartog,et al.  Improving DPA by Peak Distribution Analysis , 2010, Selected Areas in Cryptography.

[2]  Amir Moradi,et al.  Statistical Tools Flavor Side-Channel Collision Attacks , 2012, EUROCRYPT.

[3]  Andrey Bogdanov,et al.  Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection , 2008, INDOCRYPT.

[4]  Thomas Eisenbarth,et al.  Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery , 2014, CARDIS.

[5]  Andrey Bogdanov,et al.  Beyond the Limits of DPA: Combined Side-Channel Collision Attacks , 2012, IEEE Transactions on Computers.

[6]  Sylvain Guilley,et al.  RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[7]  Romain Poussier,et al.  Comparing Approaches to Rank Estimation for Side-Channel Security Evaluations , 2015, CARDIS.

[8]  Elisabeth Oswald,et al.  Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations , 2016, IACR Cryptol. ePrint Arch..

[9]  Elisabeth Oswald,et al.  Practical Template Attacks , 2004, WISA.

[10]  Sylvain Guilley,et al.  Detecting Hidden Leakages , 2014, ACNS.

[11]  Romain Poussier,et al.  Simpler and More Efficient Rank Estimation for Side-Channel Security Assessment , 2015, FSE.

[12]  François-Xavier Standaert,et al.  An optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks , 2012, IACR Cryptol. ePrint Arch..

[13]  An Wang,et al.  Fault-Tolerant Linear Collision Attack: A Combination with Correlation Power Analysis , 2014, ISPEC.

[14]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[15]  Degang Sun,et al.  Group Verification Based Multiple-Differential Collision Attack , 2016, ICICS.

[16]  Romain Poussier,et al.  Simple Key Enumeration (and Rank Estimation) Using Histograms: An Integrated Approach , 2016, CHES.

[17]  François-Xavier Standaert,et al.  Security Evaluations beyond Computing Power , 2013, EUROCRYPT.

[18]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.

[19]  Thomas Eisenbarth,et al.  Correlation-Enhanced Power Analysis Collision Attack , 2010, CHES.

[20]  Christof Paar,et al.  A Collision-Attack on AES: Combining Side Channel- and Differential-Attack , 2004, CHES.

[21]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[22]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[23]  Elisabeth Oswald,et al.  Counting Keys in Parallel After a Side Channel Attack , 2015, ASIACRYPT.

[24]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[25]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[26]  Andrey Bogdanov,et al.  Fast and Memory-Efficient Key Recovery in Side-Channel Attacks , 2015, SAC.

[27]  Avishai Wool,et al.  A Bounded-Space Near-Optimal Key Enumeration Algorithm for Multi-subkey Side-Channel Attacks , 2017, CT-RSA.

[28]  Tanja Lange,et al.  Tighter, faster, simpler side-channel security evaluations beyond computing power , 2015, IACR Cryptol. ePrint Arch..