Journal of Cryptographic Engineering, Volume 2, Issue 1, pp 45–62

Analysis of the algebraic side channel attack

  • Claude Carlet
  • Jean-Charles Faugère
  • Christopher Goyet
  • Guénaël Renault
Regular Paper

DOI: 10.1007/s13389-012-0028-0

Cite this article as:
Carlet, C., Faugère, JC., Goyet, C. et al. J Cryptogr Eng (2012) 2: 45. doi:10.1007/s13389-012-0028-0

Abstract

At CHES 2009, Renauld, Standaert and Veyrat-Charvillon introduced a new kind of attack called algebraic side-channel attacks (ASCA). They showed that side-channel information leads to effective algebraic attacks. These results are mostly experimental, since they rely heavily on the use of a SAT solver. This article presents a theoretical study to explain and to characterize the algebraic phase of these attacks. We study more general algebraic attacks based on Gröbner methods. We show that the complexity of the Gröbner basis computations in these attacks depends on a new notion of algebraic immunity defined in this paper, and on the distribution of the leakage information of the cryptosystem. We also study two examples of common leakage models: the Hamming weight and the Hamming distance models. For instance, the study in the case of the Hamming weight model shows that the probability of obtaining at least 64 (resp. 130) linear relations is about 50% for the substitution layer of PRESENT (resp. AES). Moreover, if the S-boxes are replaced by functions maximizing the new algebraic immunity criterion, then the algebraic attacks (Gröbner and SAT) are intractable. From this theoretical study, we also deduce an invariant which can be easily computed from a given S-box and provides a sufficient condition of weakness under an ASCA. This new invariant does not require any sophisticated algebraic techniques to be defined and computed. Thus, for cryptographic engineers without an advanced knowledge in algebra (e.g. Gröbner basis techniques), this invariant may represent an interesting tool for rejecting weak S-boxes.

Keywords

Algebraic side channel attack; Gröbner basis; Algebraic immunity; Block cipher

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  • Claude Carlet (1)
  • Jean-Charles Faugère (2)
  • Christopher Goyet (2, 3)
  • Guénaël Renault (2)
  1. Université Paris 8, UMR LAGA, MTII team, Saint-Denis Cedex 02, France
  2. UPMC, Université Paris 6, LIP6, INRIA, Centre Paris-Rocquencourt, PolSys Project-Team, CNRS, UMR 7606, LIP6, Paris Cedex 5, France
  3. Thales Communications and Security, Colombes, France
