A Tolerant Algebraic Side-Channel Attack on AES Using CP

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10416)


AES is a mainstream block cipher used in many protocols, and its resilience against attack is essential to cybersecurity. In [14], Oren and Wool describe Tolerant Algebraic Side-Channel Analysis (TASCA) and show how optimization technology can exploit side-channel leakage to mount a computational attack against AES. This paper revisits those results and argues that Constraint Programming is a strong contender and a potent optimization solution. It extends the bit-vector solving introduced in [8], develops a CP model and an IP model, and compares them with the original pseudo-Boolean formulation. The empirical results establish that CP delivers solutions with orders-of-magnitude improvements in both run time and memory usage, traits that are essential to potential adoption by cryptographers.
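The core idea behind an algebraic side-channel attack, and behind the "tolerant" variant, can be shown on a single state byte without any solver. The following is an editor's illustration, not code from the paper: it models only the first AES-128 round on one byte and scores the 256 key-byte candidates by brute force, where the paper encodes the whole cipher and hands it to CP, IP or pseudo-Boolean solvers. The leak model (a trace is assumed to expose the Hamming weight of the AddRoundKey output and of the SubBytes output), the key byte 0x2B and the plaintext bytes are all constructed for the example.

```python
"""Hamming-weight leakage as a key-byte constraint, with error tolerance.

Editor's illustration, not code from the paper: it models only the first
AES-128 round on one state byte and scores candidates by brute force instead
of the paper's CP/IP/pseudo-Boolean solvers. The leak model (Hamming weight of
the AddRoundKey output and of the SubBytes output) and the sample key and
plaintext bytes are constructed for the example.
"""


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a: int) -> int:
    """Multiplicative inverse a^254 in GF(2^8); 0 maps to 0 as in the S-box."""
    if a == 0:
        return 0
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def _build_sbox() -> list:
    """AES S-box: GF(2^8) inverse followed by the FIPS-197 affine map."""
    sbox = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for _ in range(4):
            b = ((b << 1) | (b >> 7)) & 0xFF   # rotate left by one bit
            s ^= b
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def hw(x: int) -> int:
    """Hamming weight, the leakage model assumed for every intermediate byte."""
    return bin(x).count("1")


def leak_model(p: int, k: int) -> tuple:
    """Leaks a trace is assumed to expose for plaintext byte p and key byte k:
    HW of the AddRoundKey output p ^ k and HW of the SubBytes output S[p ^ k]."""
    t = p ^ k
    return hw(t), hw(SBOX[t])


def score_candidates(observations, tol: int = 0) -> dict:
    """Violation count for every key byte.

    observations: list of (p, observed_hw_ark, observed_hw_sbox) triples, one
    per trace. A leak is violated when predicted and observed weights differ by
    more than `tol`; tol=0 is the exact (intolerant) ASCA setting, tol>0 admits
    measurement error, which is what makes the problem an optimisation.
    """
    scores = {}
    for k in range(256):
        v = 0
        for p, o_ark, o_sb in observations:
            e_ark, e_sb = leak_model(p, k)
            v += abs(e_ark - o_ark) > tol
            v += abs(e_sb - o_sb) > tol
        scores[k] = v
    return scores


def best_candidates(observations, tol: int = 0):
    """Keys with the minimum number of violated leaks, and that minimum."""
    scores = score_candidates(observations, tol)
    m = min(scores.values())
    return m, sorted(k for k, v in scores.items() if v == m)


if __name__ == "__main__":
    key = 0x2B                                  # constructed secret key byte
    plaintexts = [0x32, 0x88, 0x31, 0xE0]       # constructed known plaintexts
    exact = [(p, *leak_model(p, key)) for p in plaintexts]

    for n in range(1, len(exact) + 1):
        m, cands = best_candidates(exact[:n])
        print(f"{n} trace(s), exact leaks: {len(cands)} candidates, {m} violations")

    # One mis-read Hamming weight (+1 on the S-box leak of the first trace).
    noisy = [(exact[0][0], exact[0][1], exact[0][2] + 1)] + exact[1:]
    for tol in (0, 1):
        m, cands = best_candidates(noisy, tol)
        print(f"noisy, tol={tol}: {len(cands)} candidates, best score {m}, "
              f"true key kept={key in cands}")
```

Two things the run makes visible that the abstract only states. First, exact leaks are already strong constraints: a single Hamming weight of 3 on the AddRoundKey output leaves at most C(8,3) = 56 of 256 key bytes, and the S-box leak from the same trace cuts that further. Second, once one leak is mis-measured, the intolerant setting (tol=0) can rank the true key below wrong ones, while tol=1 keeps it in the best set at the cost of a larger candidate set; resolving that enlarged set across all 16 bytes and later rounds is the search the paper delegates to a solver.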


Keywords: Algebraic Side-Channel Attack · AES · Cryptography · Block cipher · Constraint programming · Optimization


References

1. Barenghi, A., Pelosi, G., Teglia, Y.: Improving first order differential power attacks through digital signal processing. In: Proceedings of the 3rd International Conference on Security of Information and Networks, SIN 2010, NY, USA, pp. 124–133 (2010)
2. Berthold, T., Heinz, S., Pfetsch, M.E.: Solving pseudo-Boolean problems with SCIP. Technical report 08-12, ZIB, Takustr. 7, 14195 Berlin (2008)
3. Chihani, Z., Marre, B., Bobot, F., Bardin, S.: Sharpening constraint programming approaches for bit-vector theory. In: Salvagnin, D., Lombardi, M. (eds.) CPAIOR 2017. LNCS, vol. 10335, pp. 3–20. Springer, Cham (2017). doi: 10.1007/978-3-319-59776-8_1
4. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer Science & Business Media, Berlin (2013)
5. Gerault, D., Minier, M., Solnon, C.: Constraint programming models for chosen key differential cryptanalysis. In: Rueher, M. (ed.) CP 2016. LNCS, vol. 9892, pp. 584–601. Springer, Cham (2016). doi: 10.1007/978-3-319-44953-1_37
6. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_25
7. Mangard, S.: A simple power-analysis (SPA) attack on implementations of the AES key expansion. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 343–358. Springer, Heidelberg (2003). doi: 10.1007/3-540-36552-4_24
8. Michel, L.D., Van Hentenryck, P.: Constraint satisfaction over bit-vectors. In: Milano, M. (ed.) CP 2012. LNCS, pp. 527–543. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33558-7_39
9. Michel, L., Van Hentenryck, P.: A microkernel architecture for constraint programming. Constraints 22(2), 107–151 (2017)
10. Mohamed, M.S.E., Bulygin, S., Zohner, M., Heuser, A., Walter, M., Buchmann, J.: Improved algebraic side-channel attack on AES. J. Cryptographic Eng. 3(3), 139–156 (2013)
11. NIST: Federal Information Processing Standards Publication 197 (FIPS 197). Advanced Encryption Standard (AES) (2001)
12. Oren, Y., Renauld, M., Standaert, F.-X., Wool, A.: Algebraic side-channel attacks beyond the Hamming weight leakage model. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 140–154. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33027-8_9
13. Oren, Y., Wool, A.: Tolerant algebraic side-channel analysis of AES. IACR Cryptology ePrint Archive, Report 2012/092 (2012)
14. Oren, Y., Wool, A.: Side-channel cryptographic attacks using pseudo-Boolean optimization. Constraints 21(4), 616–645 (2016)
15. Ramamoorthy, V., Silaghi, M.C., Matsui, T., Hirayama, K., Yokoo, M.: The design of cryptographic S-boxes using CSPs. In: Lee, J. (ed.) CP 2011. LNCS, vol. 6876, pp. 54–68. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23786-7_7
16. Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 393–410. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-16342-5_29
17. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04138-9_8
18. Soos, M., Nohl, K., Castelluccia, C.: Extending SAT solvers to cryptographic problems. In: Kullmann, O. (ed.) SAT 2009. LNCS, vol. 5584, pp. 244–257. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-02777-2_24
19. Standaert, F.-X., Peeters, E., Rouvroy, G., Quisquater, J.-J.: An overview of power analysis attacks against field programmable gate arrays. Proc. IEEE 94(2), 383–394 (2006)
20. Van Hentenryck, P., Carillon, J.P.: Generality versus specificity: an experience with AI and OR techniques. In: 7th AAAI National Conference on Artificial Intelligence, AAAI 1988, pp. 660–664. AAAI Press (1988)
21. Wang, W., Søndergaard, H., Stuckey, P.J.: A bit-vector solver with word-level propagation. In: Quimper, C.-G. (ed.) CPAIOR 2016. LNCS, vol. 9676, pp. 374–391. Springer, Cham (2016). doi: 10.1007/978-3-319-33954-2_27

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

1. Computer Science and Engineering Department, School of Engineering, University of Connecticut, Storrs, USA