Generic analysis of small cryptographic leaks

Itai Dinur, Adi Shamir

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

4 Scopus citations

Abstract

Side channel attacks are typically divided into two phases: In the collection phase the attacker tries to measure some physical property of the implementation, and in the analysis phase he tries to derive the cryptographic key from the measured information. The field is highly fragmented, since there are many types of leakage, and each one of them usually requires a different type of analysis. In this paper we formalize a general notion of leakage attacks on iterated cryptosystems, in which the attacker can collect (via physical probing, power measurement, or any other type of side channel) one bit of information about the intermediate state of the encryption after each round. Since bits computed during the early rounds can usually be represented by low degree multivariate polynomials in the plaintext and key bits, we can use the recently discovered cube attack as a generic analysis phase which can be applied in principle to any type of leaked data. However, the original cube attack requires extremely clean data, whereas the information provided by side channel attacks can be quite noisy. To address this problem, we develop in this paper a new type of robust cube attack, which can recover the key even when some of the leaked bits are unreliable. In particular, we show how to exploit trivial equations (of the form 0 = 0, which are plentiful but useless in standard cube attacks) in order to correct a fraction of measurement errors which can be arbitrarily close to 1. Finally, we demonstrate our approach by describing efficient leakage attacks on Serpent (requiring only 2^18 time for full key recovery when the leaked state bits are clean) and on AES (requiring 2^35 time in the same scenario), and show how to make them robust with a small additional complexity.
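The two phases the abstract describes, on a toy scale, as an added example that is not code from the paper: a constructed GF(2) leakage polynomial in 4 public bits and 3 key bits stands in for a leaked intermediate bit; the offline phase finds the cubes whose superpoly is linear (key equations) and the cubes whose superpoly is 0 (the trivial equations); the online phase then uses the trivial equations as parity checks on the measured bits, locates one corrupted measurement, and solves the linear system for the key. The polynomial, the noise model (a single flipped measurement) and the single-flip correction are assumptions made for illustration only; the paper's robust attack handles far noisier data than this.

```python
from itertools import combinations

N_PUB, N_KEY = 4, 3

# Constructed leakage polynomial over GF(2), as (public-bit indices, key-bit indices):
# f = v0v1k0 + v0v1k1 + v2k1 + v0v2v3k2 + v1v3k0k2 + k0k1 + v0
LEAK_POLY = [
    (frozenset({0, 1}), frozenset({0})),
    (frozenset({0, 1}), frozenset({1})),
    (frozenset({2}), frozenset({1})),
    (frozenset({0, 2, 3}), frozenset({2})),
    (frozenset({1, 3}), frozenset({0, 2})),
    (frozenset(), frozenset({0, 1})),
    (frozenset({0}), frozenset()),
]

def leak(pub, key):
    """The one leaked bit the side channel yields for public bits `pub` and key `key`."""
    out = 0
    for vs, ks in LEAK_POLY:
        if all(pub[i] for i in vs) and all(key[j] for j in ks):
            out ^= 1
    return out

def subsets(bits):
    bits = sorted(bits)
    return (frozenset(c) for r in range(len(bits) + 1) for c in combinations(bits, r))

def superpoly(cube):
    """Symbolic superpoly of `cube` (non-cube public bits fixed to 0): summing over the
    cube kills every monomial whose public part is not exactly the cube."""
    terms = set()
    for vs, ks in LEAK_POLY:
        if vs == cube:
            terms ^= {ks}  # identical key monomials cancel over GF(2)
    return terms

def preprocess():
    """Offline phase: linear superpolys give key equations, zero superpolys (the
    'trivial equations') give parity checks on the measurements."""
    linear, trivial = [], []
    for cube in subsets(range(N_PUB)):
        sp = superpoly(cube)
        if cube and not sp:
            trivial.append(cube)
        elif cube and all(len(ks) <= 1 for ks in sp):
            linear.append((cube, sp))
    return linear, trivial

def collect(key, flipped=()):
    """Online phase: one leaked bit per public vector; `flipped` marks the
    measurements corrupted by constructed noise."""
    return {s: leak([int(i in s) for i in range(N_PUB)], key) ^ int(s in flipped)
            for s in subsets(range(N_PUB))}

def cube_sum(leaks, cube):
    return sum(leaks[s] for s in subsets(cube)) % 2

def violated(leaks, trivial):
    return [c for c in trivial if cube_sum(leaks, c)]

def correct(leaks, trivial):
    """Single-error correction: accept the unique measurement whose flip satisfies
    every trivial equation; refuse if the checks cannot locate the error."""
    if not violated(leaks, trivial):
        return dict(leaks)
    fixes = []
    for s in leaks:
        trial = dict(leaks)
        trial[s] ^= 1
        if not violated(trial, trivial):
            fixes.append(trial)
    if len(fixes) != 1:
        raise ValueError(f"{len(fixes)} single-bit fixes satisfy the checks")
    return fixes[0]

def recover_key(leaks, linear):
    """Gaussian elimination over GF(2) on the equations superpoly(k) = cube sum."""
    pivots = {}
    for cube, sp in linear:
        mask, rhs = 0, cube_sum(leaks, cube)
        for ks in sp:
            if ks:
                mask |= 1 << next(iter(ks))
            else:
                rhs ^= 1  # constant term moves to the right-hand side
        for bit in range(N_KEY):
            if mask >> bit & 1 and bit in pivots:
                mask, rhs = mask ^ pivots[bit][0], rhs ^ pivots[bit][1]
        if mask == 0:
            if rhs:
                raise ValueError("inconsistent equations: corrupted leaks")
            continue
        pivots[(mask & -mask).bit_length() - 1] = (mask, rhs)
    if len(pivots) != N_KEY:
        raise ValueError("not enough linear superpolys to fix the whole key")
    key = [0] * N_KEY
    for bit in sorted(pivots, reverse=True):
        mask, rhs = pivots[bit]
        key[bit] = rhs ^ (sum(key[c] for c in range(bit + 1, N_KEY) if mask >> c & 1) % 2)
    return key

if __name__ == "__main__":
    lin, triv = preprocess()
    noisy = collect([1, 0, 1], flipped={frozenset({0, 1})})
    print(recover_key(noisy, lin), recover_key(correct(noisy, triv), lin))
```

With the measurement for v = 1100 flipped, the uncorrected solve returns the wrong k0, because that bit sits inside the cube {0,1} whose superpoly is k0 + k1, while the three trivial cubes containing {0,1} all fail their checks and point at exactly that measurement, so the corrected solve returns [1, 0, 1]. Flipping the measurement for v = 1111 instead shows the limit of this toy: only one trivial cube covers it, two different single-bit fixes satisfy the checks, and `correct` refuses to guess. The paper's contribution is precisely that, with the abundance of trivial equations in a real iterated cipher, such error positions can be pinned down even at very high error rates.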

Original language: English
Title of host publication: Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 7th International Workshop, FDTC 2010
Pages: 39-48
Number of pages: 10
DOIs
State: Published - 26 Oct 2010
Externally published: Yes
Event: 7th International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010 - Santa Barbara, CA, United States
Duration: 21 Aug 2010 to 21 Aug 2010

Publication series

Name: Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 7th International Workshop, FDTC 2010

Conference

Conference: 7th International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010
Country/Territory: United States
City: Santa Barbara, CA
Period: 21/08/10 to 21/08/10

Keywords

  • AES
  • Cryptanalysis
  • Cube attacks
  • Robust cube attacks
  • Serpent
  • Side channel attacks

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
