Algebraic side-channel attacks beyond the hamming weight leakage model

Yossef Oren, Mathieu Renauld, François Xavier Standaert, Avishai Wool

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

40 Scopus citations


Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity. In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations. A primary limitation of the ASCA method is the way it tolerates errors. If the correct key is excluded from the system of equations due to noise in the measurements, the attack will fail. On the other hand, if the DUT is described in a more robust manner to better tolerate errors, the loss of information may make computation time intractable. In this paper, we first show how this robustness-information tradeoff can be simplified by using an optimizer, which exploits the probability data output by a side-channel decoder, instead of a standard SAT solver. For this purpose, we describe a way of representing the leak equations as vectors of aposteriori probabilities, enabling a natural integration of template attacks and ASCA. Next, we put forward the applicability of ASCA against devices which do not conform to simple leakage models (e.g. based on the Hamming weight of the manipulated data). We finally report on various experiments that illustrate the strengths and weaknesses of standard and optimizing solvers in various settings, hence demonstrating the versatility of ASCA.

Original languageEnglish
Title of host publicationCryptographic Hardware and Embedded Systems, CHES 2012 - 14th International Workshop, Proceedings
Number of pages15
StatePublished - 1 Oct 2012
Externally publishedYes
Event14th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2012 - Leuven, Belgium
Duration: 9 Sep 201212 Sep 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7428 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference14th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2012

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Algebraic side-channel attacks beyond the hamming weight leakage model'. Together they form a unique fingerprint.

Cite this