Chapter

Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science, pp. 428-442

Algebraic Side-Channel Analysis in the Presence of Errors

  • Yossef Oren, Computer and Network Security Lab, School of Electrical Engineering, Tel-Aviv University
  • Mario Kirschbaum, Institute for Applied Information Processing and Communications, Graz University Of Technology
  • Thomas Popp, Institute for Applied Information Processing and Communications, Graz University Of Technology
  • Avishai Wool, Computer and Network Security Lab, School of Electrical Engineering, Tel-Aviv University

Abstract

Measurement errors make power analysis attacks difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable, since they require many (typically thousands of) traces. Recently, [18] suggested using algebraic methods for the single-trace scenario: the key recovery problem is converted into a Boolean satisfiability (SAT) problem, which is then handed to a SAT solver. However, this approach is extremely sensitive to noise (allowing an error rate of well under 1% at most), and the question of its practicality remained open. In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. The PBOPT instance can then be solved using a suitable optimization problem solver. The PBOPT syntax provides a more expressive input specification, which allows a very natural representation of measurement errors. Most importantly, we show that using our approach we are able to mount successful and efficient single-trace attacks even in the presence of realistic error rates of 10%–20%. We call our new attack methodology Tolerant Algebraic Side-Channel Analysis (TASCA). We show practical attacks on two real ciphers: Keeloq and AES.

Keywords

Algebraic attacks, power analysis, side-channel attacks, pseudo-Boolean optimization
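
The contrast the abstract draws between an exact (SAT-style) formulation and an error-tolerant (PBOPT-style) one, as an added example that is not code from the paper. It assumes a toy leak model (Hamming weight of `p XOR key` for every known byte `p`), a constructed key and noise pattern (about 20% of measurements off by one), and uses exhaustive search over an 8-bit key in place of a real solver; all names are hypothetical.

```python
# Added illustration (not from the paper): a toy device leaks the Hamming
# weight of p XOR key for every known byte p. All values are constructed.
SECRET_KEY = 0xA7  # constructed sample key


def hw(x):
    """Hamming weight of an integer."""
    return bin(x).count("1")


def clean_leaks(key):
    """Ideal Hamming-weight leaks for the known inputs p = 0..255."""
    return [hw(p ^ key) for p in range(256)]


def add_errors(leaks, step=5):
    """Constructed noise: every `step`-th measurement is off by one."""
    noisy = list(leaks)
    for i in range(0, len(noisy), step):
        noisy[i] += 1 if noisy[i] < 8 else -1
    return noisy


def strict_solve(leaks):
    """SAT-style: a key is a solution only if it explains every leak exactly."""
    return [k for k in range(256) if clean_leaks(k) == leaks]


def tolerant_solve(leaks):
    """PBOPT-style: one error indicator e_i per leak, minimise sum(e_i).

    The constraint for leak i is (leak_i == hw(p_i ^ k)) OR e_i, so the cost
    of a key is the number of measurements it has to declare erroneous.
    """
    def cost(k):
        return sum(m != hw(p ^ k) for p, m in enumerate(leaks))

    best = min(range(256), key=cost)
    return best, cost(best)


if __name__ == "__main__":
    noisy = add_errors(clean_leaks(SECRET_KEY))
    print("strict on clean:", [hex(k) for k in strict_solve(clean_leaks(SECRET_KEY))])
    print("strict on noisy:", strict_solve(noisy))
    key, errors = tolerant_solve(noisy)
    print("tolerant on noisy: key=%#x, measurements marked erroneous=%d" % (key, errors))
```

In this model the exact formulation becomes unsatisfiable as soon as one measurement is wrong, while the minimum-error formulation still has the correct key as its unique optimum, so measurement noise at this rate does not by itself protect the key.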