
Improved algebraic side-channel attack on AES

  • Regular Paper
Journal of Cryptographic Engineering

Abstract

In this paper, we present improvements of the algebraic side-channel analysis of the Advanced Encryption Standard (AES) proposed in the works of M. Renauld and F.-X. Standaert. In particular, we optimize the algebraic representation of both the AES block cipher and obtained side-channel information, in the form of Hamming weights of intermediate states, in order to speed up the attack and increase its success rate. We study the performance of our improved attack in both known and unknown plaintext/ciphertext attack scenarios. Our experiments indicate that in both cases the amount of required side-channel information is less than the one required in the attacks introduced earlier. Furthermore, we introduce a method for handling erroneous side-channel information, which allows our improved algebraic side-channel attack (IASCA) to partially escape the assumption of an error-free environment and thus become applicable in practice. We demonstrate the practical use of our IASCA by inserting predictions from a single-trace template attack.
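As an added illustration, not code from the paper, of why Hamming weights of intermediate states are such informative side-channel data: the Python block below computes, for one AES S-box output under a known plaintext byte, how many key-byte candidates remain consistent with an observed Hamming weight, and how a tolerance window (an illustrative assumption for imprecise predictions, not the paper's own error-handling method) widens that set. The S-box is built from its GF(2^8) definition so the block runs offline.

```python
# Added example, not code from the paper: measures how strongly one Hamming-weight
# (HW) observation of an AES S-box output constrains the key byte that produced it.
# The +-tol window for imprecise HW predictions is an illustrative assumption only.

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _gf_inv(a):
    """Multiplicative inverse as a^254 (square-and-multiply); inv(0) = 0 by convention."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r

def sbox(x):
    """AES SubBytes on one byte: GF(2^8) inverse followed by the affine map."""
    inv = _gf_inv(x)
    out = 0x63
    for i in range(5):  # inv xor its left rotations by 1..4 bits
        out ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return out

_SBOX = tuple(sbox(x) for x in range(256))  # table built once from the definition

def hw(x):
    """Hamming weight: the leakage model assumed for intermediate states."""
    return bin(x).count("1")

def key_candidates(pt, observed_hw, tol=0):
    """Key bytes k with HW(S(pt ^ k)) within tol of the observed weight."""
    return [k for k in range(256) if abs(hw(_SBOX[pt ^ k]) - observed_hw) <= tol]

def candidates_by_hw(pt, tol=0):
    """Surviving key bytes for each possible observation HW = 0..8 (binomial profile)."""
    return {w: len(key_candidates(pt, w, tol)) for w in range(9)}

def expected_candidates(pt, tol=0):
    """Average number of surviving key bytes over a uniformly random key byte."""
    return sum(len(key_candidates(pt, hw(_SBOX[pt ^ k]), tol)) for k in range(256)) / 256
```

With an exact HW an attacker is left with about 50 of 256 key-byte candidates on average; allowing a +-1 error roughly triples that, which is the cost of error tolerance the abstract refers to.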



Notes

  1. http://baldur.iti.uka.de/sat-race-2010/results.html.

  2. Available at http://www.ecrypt.eu.org/tools/ascatocnf.

  3. Available at https://sourceforge.net/projects/iasca.

  4. Note that this example was chosen as one of the less accurate predictions of the template attack.

  5. Oren et al. use 100 HWs per round instead of 84 since they additionally use 16 HWs of the key used in a round.

  6. This scenario is about equal to the performance using \(T=95\,\%\) in Table 9.

  7. Note that we approximate the distribution, which may yield imprecise results.

  8. Since we only have 100 realizations of the distribution we used each solving time as a threshold. This is, however, not a precise method since it does not include interpolation between the solving times.

References

  1. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009, ser. LNCS, vol. 5747, pp. 97–111 (2009)

  2. Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt, ser. LNCS, vol. 6151, pp. 393–410 (2009)

  3. Oren, Y., Kirschbaum, M., Popp, T., Wool, A.: Algebraic side-channel analysis in the presence of errors. In: Mangard, S., Standaert, F.-X. (eds.) CHES, ser. Lecture Notes in Computer Science, vol. 6225, pp. 428–442. Springer (2010)

  4. Oren, Y., Wool, A.: Tolerant algebraic side-channel analysis of AES. In: Cryptology eprint archive, report 2012/092. http://eprint.iacr.org/ (2012)

  5. Zhao, X., Zhang, F., Guo, S., Wang, T., Shi, Z., Liu, H., Ji, K.: MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation. In: Schindler, W., Huss, S. (eds.) COSADE, ser. LNCS, vol. 7275, pp. 231–248 (2012)

  6. Zhao, X., Wang, T., Guo, S., Zhang, F., Shi, Z., Liu, H., Wu, K.: SAT based error tolerant algebraic side-channel attacks. In: Conference on cryptographic algorithms and cryptographic chips (CASC2011) (2011)

  7. Oren, Y., Renauld, M., Standaert, F.-X., Wool, A.: Algebraic side-channel attacks beyond the Hamming weight leakage model. In: Prouff, E., Schaumont, P. (eds.) CHES 2012, ser. LNCS, vol. 7428, pp. 140–154 (2012)

  8. Mohamed, M.S.E., Bulygin, S., Zohner, M., Heuser, A., Walter, M., Buchmann, J.: Improved algebraic side-channel attack on AES. In: Gaj, C. (ed.) IEEE international symposium on hardware-oriented security and trust (HOST), pp. 146–151 (2012)

  9. NIST: Advanced encryption standard (AES) (FIPS PUB 197). National Institute of Standards and Technology (2001)

  10. Murphy, S., Robshaw, M., Cid, C.: Algebraic aspects of the advanced encryption standard. Springer (2006)

  11. Fraenkel, A., Yesha, Y.: Complexity of problems in games, graphs and algebraic equations. Discret. Appl. Math. 1(2), 15–30 (1979)


  12. Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic behaviour of the degree of regularity of semi-regular polynomial systems. In: MEGA 2005, eighth international symposium on effective methods in algebraic geometry (2005)

  13. Biere, A., Heule, M., van Maaren, H., Walsh, T. (eds.) Handbook of satisfiability. IOS Press (2009)

  14. Soos, M.: Grain of salt—an automated way to test stream ciphers through SAT solvers. Tech. Rep. (Online). http://www.msoos.org/grain-of-salt

  15. Bard, G.V., Courtois, N.T., Nakahara Jr., J., Sepehrdad, P., Zhang, B.: Algebraic, AIDA/cube and side channel analysis of KATAN family of block ciphers. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010, ser. LNCS, vol. 6498, pp. 176–196. Springer (2010)

  16. Bulygin, S., Buchmann, J.: Algebraic cryptanalysis of the round-reduced and side channel analysis of the full PRINTCipher-48. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011, ser. LNCS, vol. 7092, pp. 54–75. Springer (2011)

  17. Soos, M.: Cryptominisat 2.5.0. In: SAT race competitive event booklet (2010)

  18. Bard, G.: Algebraic cryptanalysis. Springer (2009)

  19. Davis, M., Logemann, G., Loveland, D.: A machine program for theorem-proving. Commun. ACM 5(7), 394–397 (1962)


  20. Davis, M., Putnam, H.: A computing procedure for quantification theory. J. ACM 7(3), 201–215 (1960)


  21. Cid, C., Weinmann, R.-P.: Block ciphers: algebraic cryptanalysis and Gröbner bases. In: Sala, M., Mora, T., Perret, L., Sakata, S., Traverso, C. (eds.) Gröbner bases, coding, and cryptography, pp. 307–328. Springer (2009)

  22. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002, ser. LNCS, vol. 2523, pp. 13–28 (2002)

  23. Aabid, M., Guilley, S., Hoogvorst, P.: Template attacks with a power model. In: Cryptology eprint archive, report 2007/443. http://eprint.iacr.org/ (2007)

  24. Heuser, A., Zohner, M.: Intelligent machine homicide—breaking cryptographic devices using support vector machines. In: Schindler, W., Huss, S. (eds.) COSADE, ser. LNCS, vol. 7275, pp. 249–264 (2012)

  25. Medwed, M., Standaert, F.-X., Großschädl, J., Regazzoni, F.: Fresh re-keying: security against side-channel and fault attacks for low-cost devices. In: AFRICACRYPT, pp. 279–296 (2010)

  26. Karnaugh, M.: The map method for synthesis of combinational logic circuits. Trans. Am. Inst. Electr. Eng. (part I) 72(9), 593–599 (1953)


  27. Brickenstein, M.: Boolean Gröbner bases—theory, algorithms and applications. Logos, Berlin (2010)

  28. Carlet, C., Goyet, C., Faugère, J.-C., Renault, G.: Analysis of the algebraic side channel attack. J. Cryptogr. Eng., 1–18 (2012)

  29. Mangard, S., Oswald, E., Popp, T.: Power analysis attacks—revealing the secrets of smart cards. Springer (2007)


Acknowledgments

The work presented in this contribution was supported by the German Federal Ministry of Education and Research (BMBF) in the project RESIST through grant number 01IS10027A. The second author was supported by the German Science Foundation (DFG) grant BU 630/22-1. The third author was supported by the German Federal Ministry of Education and Research (BMBF) within EC SPRIDE. We would like to thank Mathieu Renauld for his useful comments on this paper and for his valuable suggestions. We thank Mate Soos for assisting with using CryptoMiniSat.

Corresponding author

Correspondence to Mohamed Saied Emam Mohamed.

Cite this article

Mohamed, M.S.E., Bulygin, S., Zohner, M. et al. Improved algebraic side-channel attack on AES. J Cryptogr Eng 3, 139–156 (2013). https://doi.org/10.1007/s13389-013-0059-1
