Unified and optimized linear collision attacks and their application in a non-profiled setting: extended version

Side-channel collision attacks are one of the most investigated techniques allowing the combination of mathematical and physical cryptanalysis. In this paper, we discuss their relevance in the security evaluation of leaking devices with two main contributions. On one hand, we suggest that the exploitation of linear collisions in block ciphers can be naturally rewritten as a Low Density Parity Check (LDPC) code decoding problem. By combining this rewriting with a Bayesian extension of the collision detection techniques, we improve the efficiency and error tolerance of previously introduced attacks. On the other hand, we provide various experiments in order to discuss the practicality of such attacks compared to standard differential power analysis (DPA). Our results show that collision attacks are less efficient in classical implementation contexts, e.g. 8-bit microcontrollers leaking according to a linear power consumption model. We also observe that the detection of collisions in software devices may be difficult in the case of optimized implementations, because of less regular assembly code. Interestingly, the soft decoding approach is particularly useful in these more challenging scenarios. Finally, we show that there exist (theoretical) contexts in which collision attacks succeed in exploiting leakages, whereas all other non-profiled side-channel attacks fail.
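As an added illustration that is not code from the paper, the following simulation shows the classical linear-collision setting the abstract builds on: a first-round S-box input collision between byte positions i and j yields the linear relation k_i ^ k_j = p_i ^ p_j, and the resulting system over the 16 key bytes is solvable only up to one free byte. It uses plain correlation-based (hard-decision) collision detection rather than the paper's Bayesian/LDPC soft decoding, and assumes a constructed Hamming-weight leakage model with Gaussian noise and a seeded random permutation standing in for the AES S-box.

```python
import random
# Constructed stand-in for the AES S-box: a seeded byte permutation, not the real one.
_RNG = random.Random(1)
SBOX = list(range(256))
_RNG.shuffle(SBOX)

def hw(v):
    return bin(v).count("1")
def simulate_traces(key, n, sigma, rng):
    """Constructed leakage: Hamming weight of each first-round S-box output + Gaussian noise."""
    traces = []
    for _ in range(n):
        pt = [rng.randrange(256) for _ in key]
        traces.append((pt, [hw(SBOX[p ^ k]) + rng.gauss(0, sigma) for p, k in zip(pt, key)]))
    return traces

def mean_per_input(traces, i):
    """M_i[x]: mean leakage of byte i over traces whose plaintext byte i equals x."""
    sums, counts = [0.0] * 256, [0] * 256
    for pt, leak in traces:
        sums[pt[i]] += leak[i]
        counts[pt[i]] += 1
    return [s / c if c else None for s, c in zip(sums, counts)]

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    return cov / (sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b)) ** 0.5

def detect_delta(m_i, m_j):
    """Delta maximising corr(M_i[x], M_j[x ^ delta]): the true k_i ^ k_j aligns the two
    mean curves because the S-box inputs, hence the leakages, collide."""
    scores = []
    for delta in range(256):
        pairs = [(m_i[x], m_j[x ^ delta]) for x in range(256)
                 if m_i[x] is not None and m_j[x ^ delta] is not None]
        scores.append((pearson([p[0] for p in pairs], [p[1] for p in pairs]), delta))
    return max(scores)[1]

def recover_relative_key(traces):
    """Solve the linear system k_0 ^ k_j = delta_0j, j = 1..15. Linear collisions fix the
    key only up to k_0, so the result is key[j] ^ key[0] and 256 candidates remain."""
    m0 = mean_per_input(traces, 0)
    return [0] + [detect_delta(m0, mean_per_input(traces, j)) for j in range(1, 16)]

def demo(seed=7, n=4096, sigma=1.0):
    """Constructed 16-byte key and traces; returns (key, recovered key relative to byte 0)."""
    rng = random.Random(seed)
    key = [rng.randrange(256) for _ in range(16)]
    return key, recover_relative_key(simulate_traces(key, n, sigma, rng))
```

Each detected delta is one parity-check-style equation between two key bytes; an evaluator can lower `n` or raise `sigma` to see at which noise level the hard decisions start to fail, which is the regime where the soft decoding the abstract describes matters.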
