Template Attacks in Principal Subspaces

  • C. Archambeau
  • E. Peeters
  • F. -X. Standaert
  • J. -J. Quisquater
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4249)


Side-channel attacks are a serious threat to implementations of cryptographic algorithms. Secret information is recovered based on power consumption, electromagnetic emanations or any other form of physical information leakage. Template attacks are probabilistic side-channel attacks, which assume a Gaussian noise model. Using the maximum likelihood principle enables us to reveal (part of) the secret for each set of recordings (i.e., leakage trace). In practice, however, the major concerns are (i) how to select the points of interest of the traces, (ii) how to choose the minimal distance between these points, and (iii) how many points of interest are needed for attacking. So far, only heuristics were provided. In this work, we propose to perform template attacks in the principal subspace of the traces. This new type of attack addresses all practical issues in principled way and automatically. The approach is validated by attacking stream ciphers such as RC4. We also report analysis results of template style attacks against an FPGA implementation of AES Rijndael. Roughly, the template attack we carried out requires five time less encrypted messages than the best reported correlation attack against similar block cipher implementations.


Clock Cycle Principal Direction Block Cipher Stream Cipher FPGA Implementation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Efron, B., Tibshirani, R.J.: An introduction to the Bootstrap. Chapman and Hall, London (1993)MATHGoogle Scholar
  4. 4.
    Fukunaga, K.: Introduction to Statistical Pattern Recognition. Elsevier, New York (1990)MATHGoogle Scholar
  5. 5.
    Jolliffe, I.T.: Principal Component Analysis. Springer, New York (1986)Google Scholar
  6. 6.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Microship. PIC16F877 datasheet (2001),
  8. 8.
    Rechberger, C., Oswald, E.: Practical template attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 440–456. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Standaert, F.-X., Ors, S.B., Preneel, B.: Power analysis of an FPGA implementation of Rijndael: Is pipelining a DPA countermeasure? In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 30–44. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Standaert, F.-X., Peeters, E., Macé, F., Quisquater, J.-J.: Updates on the security of FPGAs against power analysis attacks. In: Bertels, K., Cardoso, J.M.P., Vassiliadis, S. (eds.) ARC 2006. LNCS, vol. 3985, pp. 335–346. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Standaert, F.-X., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: Efficient implementation of Rijndael encryption in reconfigurable hardware: Improvements and design tradeoffs. In: Dittrich, K.R. (ed.) OODBS 1988. LNCS, vol. 334, pp. 334–350. Springer, Heidelberg (1988)Google Scholar
  12. 12.
    Turk, M., Pentland, A.: Eigenfaces for recognition. Journal of Cognitive Neuroscience 3(1), 71–86 (1991)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • C. Archambeau
    • 1
  • E. Peeters
    • 1
  • F. -X. Standaert
    • 1
  • J. -J. Quisquater
    • 1
  1. 1.UCL Crypto GroupUniversité catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations