Quadrivariate Improved Blind Side-Channel Analysis on Boolean Masked AES

  • Christophe Clavier
  • Léo Reynaud
  • Antoine Wurcker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10815)

Abstract

Previous blind side-channel analysis have been proposed to recover a block cipher secret key while neither the plaintext nor the ciphertext is available to the attacker. A recent improvement has been proposed that deals with several first-order Boolean masking schemes. Unfortunately the proposed attacks only work if at least two intermediate states that involve a same key byte are protected by a same mask. In this paper we describe a quadrivariate analysis which involves a pair of key bytes and allows to threaten improved Boolean masked implementations where all masks on inputs of AddRoundKey, SubBytes and MixColumns (respectively \(r_m\), \(r_x\) and \(r_y\)) related to a same key byte are independant.

Our attack comes in two flavors: in a first variant the attacker learns Hamming distances between pairs of expanded key bytes of his choice while in the other variant he learns whether two pairs of extended key bytes share the same unknown Hamming distance. We provide an analysis and simulation results which demonstrate that the ciphering key can be recovered in both settings.

Keywords

Unknown plaintext Joint distributions Maximum likelihood Boolean masking 

References

  1. 1.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28632-5_2CrossRefGoogle Scholar
  2. 2.
    Clavier, C., Marion, D., Wurcker, A.: Simple power analysis on AES key expansion revisited. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 279–297. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44709-3_16CrossRefGoogle Scholar
  3. 3.
    Clavier, C., Reynaud, L.: Improved blind side-channel analysis by exploitation of joint distributions of leakages. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 24–44. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66787-4_2CrossRefGoogle Scholar
  4. 4.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85053-3_27CrossRefGoogle Scholar
  5. 5.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_25CrossRefGoogle Scholar
  6. 6.
    Le Bouder, H.: Un formalisme unifiant les attaques physiques sur circuits cryptographiques et son exploitation afin de comparer et rechercher de nouvelles attaques. Ph.D. thesis, École Nationale Supérieure des Mines de Saint-Étienne (2014)Google Scholar
  7. 7.
    Linge, Y., Dumas, C., Lambert-Lacroix, S.: Using the joint distributions of a cryptographic function in side channel analysis. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 199–213. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-10175-0_14CrossRefMATHGoogle Scholar
  8. 8.
    VanLaven, J., Brehob, M., Compton, K.J.: A computationally feasible SPA attack on AES VIA optimized search. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IAICT, vol. 181, pp. 577–588. Springer, Boston, MA (2005).  https://doi.org/10.1007/0-387-25660-1_38CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Université de Limoges, XLIM-CNRSLimogesFrance
  2. 2.eshardMartillacFrance

Personalised recommendations