Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

Abstract

Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists have raised the attention on the potential vulnerabilities against implementation-level attacks Chari et al. (A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even been formalized recently Standaert et al. (EUROCRYPT LNCS 5479:443–461, 2009). The framework suggests to estimate the leakage via an information theoretic metric, and the performance of real attacks thanks to either the success rates or the guessing entropy metrics. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted a FPGA-based implementation of AES. This article has been written jointly with several of the participants who describe their tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback puts to the fore some considerations seldom described in the scientific literature, yet relevant to increase the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as the drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Notes

  1. 1.

    As argued in [17], the guessing entropy can be computed out of all the \(o\)th order success rates.

  2. 2.

    This notion of stability had already been employed in [13], to accelerate an attack convergence by filtering out small changes in subkeys rank after stability is reached.

  3. 3.

    It is usually referred to as EIS, short for Equal Images under different Subkeys.

  4. 4.

    We number bits of an AES state from 0 to 127, starting from the most significant bit of byte 0 to the least significant bit of byte 15.

References

  1. 1.

    Brier, É., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: CHES, LNCS, vol. 3156, pp. 16–29. Springer: Cambridge (2004)

  2. 2.

    Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.: A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards. In. In Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133–147 (1999)

  3. 3.

    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: CHES, LNCS, vol. 2523, pp. 13–28. Springer (2002). San Francisco Bay (Redwood City), USA

  4. 4.

    Elaabid, M.A., Guilley, S.: Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator. In: AFRICACRYPT, LNCS, vol. 6055, pp. 243–260. Springer (2010). Stellenbosch, South Africa. doi:10.1007/978-3-642-12678-9_15

  5. 5.

    Eo, Y., Eisenstadt, W., Jeong, J.Y., Kwon, O.K.: A new on-chip interconnect crosstalk model and experimental verification for CMOS VLSI circuit design. Electron Dev. IEEE Trans. 47(1), 129–140 (2000)

    Article  Google Scholar 

  6. 6.

    Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates versus Stochastic Methods. In: CHES, LNCS, vol. 4249, pp. 15–29. Springer: Yokohama (2006)

  7. 7.

    Heuser, A., Kasper, M., Schinder, W., Stöttinger, M.: How a Symmetry Metric Assists Side-Channel Evaluation—A Novel Model Verification Method for Power Analysis. In: 14th Euromicro Conference on Digital System Design Architectures, Methods and Tools (DSD 2011). IEEE (2011)

  8. 8.

    Heuser, A., Kasper, M., Schindler, W., Stöttinger, M.: A new difference method for side-channel analysis with high-dimensional leakage models. In: O. Dunkelman (ed.) CT-RSA, Lecture Notes in Computer Science, vol. 7178, pp. 365–382. Springer (2012)

  9. 9.

    Jolliffe, I.: Principal Component Analysis. Springer, London (1986)

    Google Scholar 

  10. 10.

    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: CRYPTO, LNCS, vol. 1666, pp. 388–397. Springer (1999)

  11. 11.

    Li, Y., Nakatsu, D., Li, Q., Ohta, K., Sakiyama, K.: Clockwise Collision Analysis - Overlooked Side-Channel Leakage Inside Your Measurements. Cryptology ePrint Archive, Report 2011/579 (2011). http://eprint.iacr.org/2011/579

  12. 12.

    Nakasone, T., Li, Y., Sasaki, Y., Iwamoto, M., Ohta, K., Sakiyama, K.: Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher. In: T. Kwon, M.K. Lee, D. Kwon (eds.) ICISC, Lecture Notes in Computer Science, vol. 7839, pp. 395–409. Springer (2012)

  13. 13.

    Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: “Rank Correction”: A New Side-Channel Approach for Secret Key Recovery. In: M. Joye, D. Mukhopadhyay, M. Tunstall (eds.) InfoSecHiComNet, Lecture Notes in Computer Science, vol. 7011, pp. 128–143. Springer (2011)

  14. 14.

    Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: a Small and Fast Countermeasure for AES, Secure against First- and Second-order Zero-Offset SCAs. In: DATE, pp. 1173–1178 (2012). Dresden, Germany. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”). On-line version: http://hal.archives-ouvertes.fr/hal-00666337/en

  15. 15.

    Nieuwland, A.K., Katoch, A., Meijer, M.: Reducing Cross-Talk Induced Power Consumption and Delay. In: E. Macii, O.G. Koufopavlou, V. Paliouras (eds.) Integrated Circuit and System Design, Power and Timing Modeling, Optimization and Simulation, Lecture Notes in Computer Science, vol. 3254, pp. 179–188. Springer (2004)

  16. 16.

    Paige, C.C., Saunders, M.A.: LSQR: an algorithm for sparse linear equations and sparse least squares. ACM Trans. Math. Softw. 8(1), 43–71 (1982). doi:10.1145/355984.355989

    MathSciNet  Article  MATH  Google Scholar 

  17. 17.

    Rivain, M.: On the Exact Success Rate of Side Channel Analysis in the Gaussian Model. In: Selected Areas in Cryptography, LNCS, vol. 5381, pp. 165–183. Springer: Sackville, New Brunswick (2008)

  18. 18.

    Satoh, A.: Side-channel Attack Standard Evaluation Board, SASEBO. Project of the AIST—RCIS (Research Center for Information Security), http://www.risec.aist.go.jp/project/sasebo/

  19. 19.

    Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: J.R. Rao, B. Sunar (eds.) CHES 2005, Lecture Notes in Computer Science, vol. 3659, pp. 30–46. Springer: Edinburgh (2005)

  20. 20.

    Standaert, F.X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the Rules of the DPA Contest. Cryptology ePrint Archive, Report 2008/517 (2008). http://eprint.iacr.org/2008/517

  21. 21.

    Standaert, F.X., Malkin, T., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In: EUROCRYPT, LNCS, vol. 5479, pp. 443–461. Springer: Cologne (2009)

  22. 22.

    TELECOM ParisTech SEN research group: DPA Contest (2nd edn) (2009–2010). http://www.DPAcontest.org/v2/

  23. 23.

    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.X.: An Optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks. In: Selected Areas in Cryptography (2012)

Download references

Acknowledgments

The organization of the DPA contest would have not been possible without the active contribution of many people from Télécom ParisTech in France (Guillaume Duc, Jean-Luc Danger, Moulay Abdelaziz Elaabid, Florent Flament, Sylvain Guilley, Philippe Hoogvorst, Olivier Meynard, Frédéric Pauget, Laurent Sauvage), from Université Catholique de Louvain in Belgium (Philippe Bulens, François-Xavier Standaert, Nicolas Veyrat-Charvillon) and from Tohoku University in Japan (Naofumi Homma).

Author information

Affiliations

Authors

Corresponding author

Correspondence to Guillaume Duc.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Clavier, C., Danger, JL., Duc, G. et al. Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest. J Cryptogr Eng 4, 259–274 (2014). https://doi.org/10.1007/s13389-014-0075-9

Download citation

Keywords

  • SCA
  • CPA
  • Profiled attacks
  • AES
  • DPA contest
  • Attacks metrics