Algebraic Side-Channel Attacks Beyond the Hamming Weight Leakage Model

  • Yossef Oren
  • Mathieu Renauld
  • François-Xavier Standaert
  • Avishai Wool
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7428)


Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity. In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations. A primary limitation of the ASCA method is the way it tolerates errors. If the correct key is excluded from the system of equations due to noise in the measurements, the attack will fail. On the other hand, if the DUT is described in a more robust manner to better tolerate errors, the loss of information may make computation time intractable. In this paper, we first show how this robustness-information tradeoff can be simplified by using an optimizer, which exploits the probability data output by a side-channel decoder, instead of a standard SAT solver. For this purpose, we describe a way of representing the leak equations as vectors of aposteriori probabilities, enabling a natural integration of template attacks and ASCA. Next, we put forward the applicability of ASCA against devices which do not conform to simple leakage models (e.g. based on the Hamming weight of the manipulated data). We finally report on various experiments that illustrate the strengths and weaknesses of standard and optimizing solvers in various settings, hence demonstrating the versatility of ASCA.


Advance Encryption Standard Goal Function Device Under Test Support Size Power Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
    Akdemir, K., Dixon, M., Feghali, W., Fay, P., Gopal, V., Guilford, J., Ozturc, E., Worlich, G., Zohar, R.: Breakthrough AES Performance with Intel AES New Instructions. Technical report, Intel Corporation (October 2010),
  3. 3.
    Berthold, T., Heinz, S., Pfetsch, M.E., Winkler, M.: SCIP – Solving Constraint Integer Programs. SAT 2009 competitive events booklet (2009)Google Scholar
  4. 4.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Carlet, C., Faugère, J.-C., Goyet, C., Renault, G.: Analysis of the algebraic side channel attack. J. Cryptographic Engineering 2(1), 45–62 (2012)CrossRefGoogle Scholar
  7. 7.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1998)Google Scholar
  9. 9.
    Dawson, S.: Code Hopping Decoder using a PIC16C56. Microchip confidential, leaked online in 2002 (1998)Google Scholar
  10. 10.
    Mangard, S.: A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 343–358. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Manning, C.D., Raghavan, P., Schtze, H.: Introduction to Information Retrieval. Cambridge University Press, New York (2008)zbMATHCrossRefGoogle Scholar
  12. 12.
    Manquinho, V., Roussel, O.: Pseudo-Boolean Competition 2009 (July 2009),
  13. 13.
    Mohamed, M.S.E., Bulygin, S., Zohner, M., Heuser, A., Walter, M.: Improved Algebraic Side-Channel Attack on AES. Cryptology ePrint Archive, Report 2012/084 (2012),
  14. 14.
    Information Technology Laboratory (National Institute of Standards and Technology). Announcing the Advanced Encryption Standard (AES). Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD (2001)Google Scholar
  15. 15.
    Oren, Y., Kirschbaum, M., Popp, T., Wool, A.: Algebraic Side-Channel Analysis in the Presence of Errors. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 428–442. Springer, Heidelberg (2010), CrossRefGoogle Scholar
  16. 16.
    Oren, Y., Wool, A.: Tolerant Algebraic Side-Channel Analysis of AES. Cryptology ePrint Archive, Report 2012/092 (2012),
  17. 17.
    Renauld, M., Standaert, F.-X.: Algebraic Side-Channel Attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 393–410. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 109–128. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
  21. 21.
    Soos, M.: CryptoMiniSat2,
  22. 22.
    Zhao, X., Wang, T., Guo, S., Zhang, F., Shi, Z., Liu, H., Wu, K.: SAT based Error Tolerant Algebraic Side-Channel Attacks. In: 2011 Conference on Cryptographic Algorithms and Cryptographic Chips, CASC 2011 (July 2011)Google Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Yossef Oren
    • 1
  • Mathieu Renauld
    • 2
  • François-Xavier Standaert
    • 2
  • Avishai Wool
    • 1
  1. 1.Cryptography and Network Security Lab., School of Electrical EngineeringTel-Aviv UniversityRamat AvivIsrael
  2. 2.Crypto GroupUniversité catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations