Improved Collision-Correlation Power Analysis on First Order Protected AES

The recent results presented by Moradi et al. on AES at CHES 2010 and Witteman et al. on square-and-multiply always RSA exponentiation at CT-RSA 2011 have shown that collision-correlation power analysis is able to recover the secret keys on embedded implementations. However, we noticed that the attack published last year by Moradi et al. is not efficient on correctly first-order protected implementations. We propose in this paper improvements on collision-correlation attacks which require less power traces than classical second-order power analysis techniques.We present here two new methods and show in practice their real efficiency on two first-order protected AES implementations. We also mention that other symmetric embedded algorithms can be targeted by our new techniques.

[1]  Emmanuel Prouff,et al.  Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[2]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[3]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[4]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[5]  Stefan Mangard,et al.  Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.

[6]  Andrey Bogdanov,et al.  Improved Side-Channel Collision Attacks on AES , 2007, Selected Areas in Cryptography.

[7]  Andrey Bogdanov,et al.  Multiple-Differential Side-Channel Collision Attacks on AES , 2008, CHES.

[8]  Christof Paar,et al.  A New Class of Collision Attacks and Its Application to DES , 2003, FSE.

[9]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[10]  Christophe Clavier An Improved SCARE Cryptanalysis Against a Secret A3/A8 GSM Algorithm , 2007, ICISS.

[11]  Jovan Dj. Golic,et al.  Multiplicative Masking and Power Analysis of AES , 2002, CHES.

[12]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[13]  Stefan Mangard,et al.  Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings , 2010, CHES.

[14]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[15]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[16]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[17]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[18]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.

[19]  Thomas Eisenbarth,et al.  Correlation-Enhanced Power Analysis Collision Attack , 2010, CHES.

[20]  Christof Paar,et al.  A Collision-Attack on AES: Combining Side Channel- and Differential-Attack , 2004, CHES.

[21]  Jasper G. J. van Woudenberg,et al.  Defeating RSA Multiply-Always and Message Blinding Countermeasures , 2011, CT-RSA.

[22]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[23]  Elisabeth Oswald,et al.  Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings , 2008, CHES.

[24]  Vincent Rijmen,et al.  A Side-Channel Analysis Resistant Description of the AES S-Box , 2005, FSE.

[25]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[26]  Berk Sunar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005, Proceedings , 2005, CHES.

[27]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .

[28]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[29]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[30]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[31]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[32]  Aggelos Kiayias,et al.  Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings , 2011, CT-RSA.

[33]  Lejla Batina,et al.  A Very Compact "Perfectly Masked" S-Box for AES , 2008, ACNS.

[34]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .