Pragmatism vs. Elegance: Comparing Two Approaches to Simple Power Attacks on AES

Simple side-channel attacks trade off data complexity (i.e. the number of side-channel observations needed for a successful attack) with computational complexity (i.e. the number of operations applied to the side-channel traces). In the specific example of Simple Power Analysis (SPA) attacks on the Advanced Encryption Standard (AES), two approaches can be found in the literature, one which is a pragmatic approach that involves basic techniques such as efficient enumeration of key candidates, and one that is seemingly more elegant and uses algebraic techniques. Both of these different techniques have been used in complementary settings: the pragmatic attacks were solely applied to the key schedule whereas the more elegant methods were only applied to the encryption rounds. In this article, we investigate how these methods compare in what we consider to be a more practical setting in which adversaries gain access to erroneous information about both key schedule and encryption rounds. We conclude that the pragmatic enumeration technique better copes with erroneous information which makes it more interesting in practice.

[1]  François-Xavier Standaert,et al.  Combining Algebraic and Side-Channel Cryptanalysis against Block Ciphers , 2009 .

[2]  Avishai Wool,et al.  Algebraic Side-Channel Attacks Beyond the Hamming Weight Leakage Model , 2012, CHES.

[3]  Gregory V. Bard,et al.  Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers , 2007, IACR Cryptol. ePrint Arch..

[4]  Tao Wang,et al.  MDASCA: An Enhanced Algebraic Side-Channel Attack for Error Tolerance and New Leakage Model Exploitation , 2012, COSADE.

[5]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks , 2009, Inscrypt.

[6]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[7]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[8]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[9]  Claude Carlet,et al.  Analysis of the algebraic side channel attack , 2012, Journal of Cryptographic Engineering.

[10]  François-Xavier Standaert,et al.  Representation-, Leakage- and Cipher-Dependencies in Algebric Sidde-Channel Attacks , 2010, ACNS 2010.

[11]  D. Gligoroski,et al.  On Deviations of the AES S-box when Represented as Vector Valued Boolean Function , 2007 .

[12]  Peter Schwabe,et al.  Faster and Timing-Attack Resistant AES-GCM , 2009, CHES.

[13]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[14]  Stefan Mangard,et al.  A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion , 2002, ICISC.

[15]  Avishai Wool,et al.  Algebraic Side-Channel Analysis in the Presence of Errors , 2010, CHES.

[16]  Annelie Heuser,et al.  Improved algebraic side-channel attack on AES , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[17]  Nadia Creignou,et al.  Satisfiability Threshold for Random XOR-CNF Formulas , 1999, Discret. Appl. Math..

[18]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA , 2009, CHES.