Multiple-Differential Side-Channel Collision Attacks on AES

  • Andrey Bogdanov
Conference paper

DOI: 10.1007/978-3-540-85053-3_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5154)
Cite this paper as:
Bogdanov A. (2008) Multiple-Differential Side-Channel Collision Attacks on AES. In: Oswald E., Rohatgi P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2008. CHES 2008. Lecture Notes in Computer Science, vol 5154. Springer, Berlin, Heidelberg

Abstract

In this paper, two efficient multiple-differential methods to detect collisions in the presence of strong noise are proposed: binary and ternary voting. After collisions have been detected, the cryptographic key can be recovered from these collisions using such recent cryptanalytic techniques as linear [1] and algebraic [2] collision attacks. We refer to this combination of the collision detection methods and cryptanalytic techniques as multiple-differential collision attacks (MDCA).

When applied to AES, MDCA using binary voting without profiling requires about 2.7 to 13.2 times fewer traces than the Hamming-weight based CPA for the same implementation. MDCA on AES using ternary voting with profiling and linear key recovery clearly outperforms CPA by requiring only about 6 online measurements for the range of noise amplitudes where CPA requires from 163 to 6912 measurements. These attacks do not need the S-box to be known. Moreover, neither key nor plaintexts have to be known to the attacker in the profiling stage.

Keywords

side-channel attacks, collision detection, multiple-differential collision attacks, AES, DPA

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Andrey Bogdanov (1)
  1. Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
