TY - GEN
T1 - Generic analysis of small cryptographic leaks
AU - Dinur, Itai
AU - Shamir, Adi
PY - 2010/10/26
Y1 - 2010/10/26
N2 - Side channel attacks are typically divided into two phases: In the collection phase the attacker tries to measure some physical property of the implementation, and in the analysis phase he tries to derive the cryptographic key from the measured information. The field is highly fragmented, since there are many types of leakage, and each one of them usually requires a different type of analysis. In this paper we formalize a general notion of leakage attacks on iterated cryptosystems, in which the attacker can collect (via physical probing, power measurement, or any other type of side channel) one bit of information about the intermediate state of the encryption after each round. Since bits computed during the early rounds can usually be represented by low degree multivariate polynomials in the plaintext and key bits, we can use the recently discovered cube attack as a generic analysis phase which can be applied in principle to any type of leaked data. However, the original cube attack requires extremely clean data, whereas the information provided by side channel attacks can be quite noisy. To address this problem, we develop in this paper a new type of robust cube attack, which can recover the key even when some of the leaked bits are unreliable. In particular, we show how to exploit trivial equations (of the form 0 = 0, which are plentiful but useless in standard cube attacks) in order to correct a fraction of measurement errors which can be arbitrarily close to 1. Finally, we demonstrate our approach by describing efficient leakage attacks on Serpent (requiring only 2^18 time for full key recovery when the leaked state bits are clean) and on AES (requiring 2^35 time in the same scenario), and show how to make them robust with a small additional complexity.
KW - AES
KW - Cryptanalysis
KW - Cube attacks
KW - Robust cube attacks
KW - Serpent
KW - Side channel attacks
UR - http://www.scopus.com/inward/record.url?scp=77958081685&partnerID=8YFLogxK
U2 - 10.1109/FDTC.2010.11
DO - 10.1109/FDTC.2010.11
M3 - Conference contribution
AN - SCOPUS:77958081685
SN - 9780769541693
T3 - Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 7th International Workshop, FDTC 2010
SP - 39
EP - 48
BT - Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 7th International Workshop, FDTC 2010
T2 - 7th International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010
Y2 - 21 August 2010 through 21 August 2010
ER -