论文信息 - Improved Side-Channel Collision Attacks on AES

Improved Side-Channel Collision Attacks on AES

Side-channel collision attacks were proposed in [1] and applied to AES in [2]. These are based on detecting collisions in certain positions of the internal state after the first AES round for different executions of the algorithm. The attack needs about 40 measurements and 512 MB precomputed values as well as requires the chosen-plaintext possibility. In this paper we show how to mount a collision attack on AES using only 6 measurements and about 237.15 offline computational steps working with a probability of about 0.85. Another attack uses only 7 measurements and finds the full encryption key with an offline complexity of about 234.74 with a probability of 0.99. All our attacks require a negligible amount of memory only and work in the known-plaintext model. This becomes possible by considering collisions in the S-box layers both for different AES executions and within the same AES run. All the attacks work under the assumption that one-byte collisions are detectable.

Andrey Bogdanov | A. Bogdanov

[1] Robert E. Tarjan,et al. Linear Expected-Time Algorithms for Connectivity Problems , 1980, J. Algorithms.

[2] Christof Paar,et al. A New Class of Collision Attacks and Its Application to DES , 2003, FSE.

[3] Alex Biryukov,et al. Fast Software Encryption: 14th International Workshop, FSE 2007, Luxembourg, Luxembourg, March 26-28, 2007, Revised Selected Papers , 2007, FSE 2007.

[4] Vladimir N. Sachkov,et al. Probabilistic methods in combinatorial analysis: Contents , 1997 .

[5] Andrey Bogdanov,et al. Collision Attacks on AES-Based MAC: Alpha-MAC , 2007, CHES.

[6] Elisabeth Oswald,et al. An Efficient Masking Scheme for AES Software Implementations , 2005, WISA.

[7] Stefan Mangard,et al. An AES Smart Card Implementation Resistant to Power Analysis Attacks , 2006, ACNS.

[8] W. J. Thron,et al. Encyclopedia of Mathematics and its Applications. , 1982 .

[9] Christof Paar,et al. A Collision-Attack on AES: Combining Side Channel- and Differential-Attack , 2004, CHES.

[10] Frédéric Valette,et al. Enhancing Collision Attacks , 2004, CHES.

[11] Vincent Rijmen,et al. A Side-Channel Analysis Resistant Description of the AES S-Box , 2005, FSE.