A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks

The use of constraint solvers, such as SAT or pseudo-Boolean solvers, allows the extraction of the secret key from one or two side-channel traces. However, to use such a solver the cipher must be represented at the bit level. For byte-oriented ciphers this produces very large and unwieldy instances, leading to unpredictable, and often very long, run times. In this paper we describe a specialized byte-oriented constraint solver for side-channel cryptanalysis. The user only needs to supply code snippets for the native operations of the cipher, arranged in a flow graph that models the dependence between the side-channel leaks. Our framework uses a soft-decision mechanism that overcomes realistic measurement noise and decoder classification errors through a novel method for reconciling multiple probability distributions. On the DPA v4 contest dataset our framework is able to extract the correct key from one or two power traces in under 9 seconds with a success rate of over 79%.
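The following is an added illustration, not code from the paper, of the byte-level soft-decision idea the abstract describes: each leaking operation in a two-node flow graph (key addition, then a substitution) yields a probability distribution over its byte value, and the distributions from several leaks and traces are reconciled into one posterior over the key byte. It assumes a Hamming-weight leakage model with Gaussian noise, independent leaks combined by a normalized product (a standard choice; the paper's own reconciliation method is not reproduced), and a constructed affine byte map standing in for the cipher's S-box; all traces are simulated, so it runs offline.

```python
import math
import random

def hw(b):
    """Hamming weight of a byte."""
    return bin(b & 0xFF).count("1")

def sbox(x):
    """Constructed bijective byte map (167 is odd) standing in for a real S-box."""
    return (x * 167 + 13) & 0xFF

def leak_posterior(observed, sigma):
    """P(value = v | observed leak) for every byte v under Hamming-weight
    templates with Gaussian noise and a uniform prior (assumed model)."""
    lik = [math.exp(-((observed - hw(v)) ** 2) / (2 * sigma ** 2))
           for v in range(256)]
    total = sum(lik)
    return [l / total for l in lik]

def combine(plaintexts, leaks, sigma):
    """Reconcile every leak along the flow graph p -> p^k -> S(p^k) into a
    posterior over the key byte k. Leaks are treated as independent and
    combined by a normalized product (assumption, not the paper's method)."""
    score = [1.0] * 256
    for p, (l_xor, l_sbox) in zip(plaintexts, leaks):
        d_xor = leak_posterior(l_xor, sigma)      # distribution at node 1
        d_sbox = leak_posterior(l_sbox, sigma)    # distribution at node 2
        for k in range(256):
            v = p ^ k                              # node 1: key addition
            score[k] *= d_xor[v] * d_sbox[sbox(v)] # node 2: substitution
    total = sum(score)
    return [s / total for s in score]

def simulate_leaks(key, plaintexts, sigma, seed=1):
    """Constructed traces: noisy Hamming weight of each intermediate,
    one (xor_leak, sbox_leak) pair per plaintext."""
    rng = random.Random(seed)
    out = []
    for p in plaintexts:
        v = p ^ key
        out.append((hw(v) + rng.gauss(0, sigma),
                    hw(sbox(v)) + rng.gauss(0, sigma)))
    return out

def best_key(posterior):
    """Key byte with the highest reconciled probability."""
    return max(range(256), key=posterior.__getitem__)

if __name__ == "__main__":
    key, pts, sigma = 0x5A, [0x00, 0x3C, 0x5A, 0xF1], 0.4
    post = combine(pts, simulate_leaks(key, pts, sigma), sigma)
    print(hex(best_key(post)), post[key])
```

With noise-free observations the true key byte is the unique maximum of the posterior; as `sigma` grows, more traces are needed before its probability separates from the runners-up, which is the regime the soft-decision mechanism is meant to handle.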
