
Analysis of the algebraic side channel attack

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

At CHES 2009, Renauld, Standaert and Veyrat-Charvillon introduced a new kind of attack called algebraic side-channel attacks (ASCA). They showed that side-channel information leads to effective algebraic attacks. Their results are mostly experimental, since they rely heavily on a SAT solver. This article presents a theoretical study that explains and characterizes the algebraic phase of these attacks. We study more general algebraic attacks based on Gröbner methods. We show that the complexity of the Gröbner basis computations in these attacks depends on a new notion of algebraic immunity defined in this paper, and on the distribution of the leakage information of the cryptosystem. We also study two examples of common leakage models: the Hamming weight and the Hamming distance models. For instance, in the Hamming weight model, the study shows that the probability of obtaining at least 64 (resp. 130) linear relations is about 50% for the substitution layer of PRESENT (resp. AES). Moreover, if the S-boxes are replaced by functions maximizing the new algebraic immunity criterion, then the algebraic attacks (Gröbner and SAT) are intractable. From this theoretical study, we also deduce an invariant which can be easily computed from a given S-box and provides a sufficient condition of weakness under an ASCA. This new invariant does not require any sophisticated algebraic techniques to be defined and computed. Thus, for cryptographic engineers without advanced knowledge of algebra (e.g. Gröbner basis techniques), this invariant may be a useful tool for rejecting weak S-boxes.
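As an added illustration (our own script, not code from the paper), the following shows the kind of quantity the abstract's Hamming weight analysis is about: given a leaked pair (HW(x), HW(S(x))) for one 4-bit PRESENT S-box call, how many inputs remain consistent and how many independent affine equations over GF(2) the candidate set implies on the 8 input/output bit variables. The S-box table is PRESENT's public specification; the counting convention (8 minus the affine-hull dimension of the candidates) and the independence assumption across the 16 S-boxes of the substitution layer are ours, so the resulting figures are an evaluation aid and are not the paper's own numbers.

```python
# Added illustration (our own counting convention, not the paper's):
# how a Hamming-weight leak on one S-box call constrains its 8 I/O bits.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hw(v):
    return bin(v).count("1")  # Hamming weight
def candidates(sbox, hw_in, hw_out):
    """Inputs x consistent with leaked HW(x) and HW(S(x))."""
    return [x for x in range(16) if hw(x) == hw_in and hw(sbox[x]) == hw_out]

def gf2_rank(rows):
    """Rank over GF(2) of bit-vectors given as ints (Gaussian elimination)."""
    basis = {}  # leading-bit position -> reduced row
    for r in rows:
        while r:
            lead = r.bit_length() - 1
            if lead not in basis:
                basis[lead] = r
                break
            r ^= basis[lead]
    return len(basis)

def linear_relations(sbox, hw_in, hw_out):
    """Independent affine equations over the 8 bits (x || S(x)) that every
    candidate satisfies: 8 minus the affine-hull dimension (leak must be real)."""
    pts = [(x << 4) | sbox[x] for x in candidates(sbox, hw_in, hw_out)]
    return 8 - gf2_rank([p ^ pts[0] for p in pts[1:]])

def relation_distribution(sbox):
    """Histogram {relations: count} over the 16 equally likely inputs."""
    dist = {}
    for x in range(16):
        n = linear_relations(sbox, hw(x), hw(sbox[x]))
        dist[n] = dist.get(n, 0) + 1
    return dist
def expected_relations(sbox):
    return sum(n * c for n, c in relation_distribution(sbox).items()) / 16

def prob_at_least(sbox, nboxes, threshold):
    """P(total relations over nboxes independent S-box leaks >= threshold)."""
    dist, total = relation_distribution(sbox), {0: 1.0}
    for _ in range(nboxes):  # convolve the single-S-box distribution
        nxt = {}
        for s, p in total.items():
            for n, c in dist.items():
                nxt[s + n] = nxt.get(s + n, 0.0) + p * c / 16
        total = nxt
    return sum(p for s, p in total.items() if s >= threshold)
```

Swapping in another 4-bit S-box table lets an engineer compare how much each candidate S-box gives away under the same leakage model before any Gröbner or SAT machinery is involved.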



Corresponding author

Correspondence to Christopher Goyet.

Cite this article

Carlet, C., Faugère, JC., Goyet, C. et al. Analysis of the algebraic side channel attack. J Cryptogr Eng 2, 45–62 (2012). https://doi.org/10.1007/s13389-012-0028-0
