Published in: Journal of Cryptographic Engineering 1/2013

01.04.2013 | CHES 2012

Unified and optimized linear collision attacks and their application in a non-profiled setting: extended version

Authors: Benoît Gérard, François-Xavier Standaert


Abstract

Side-channel collision attacks are one of the most investigated techniques allowing the combination of mathematical and physical cryptanalysis. In this paper, we discuss their relevance in the security evaluation of leaking devices with two main contributions. On the one hand, we suggest that the exploitation of linear collisions in block ciphers can be naturally re-written as a Low Density Parity Check (LDPC) code decoding problem. By combining this re-writing with a Bayesian extension of the collision detection techniques, we improve the efficiency and error tolerance of previously introduced attacks. On the other hand, we provide various experiments in order to discuss the practicality of such attacks compared to standard differential power analysis (DPA). Our results show that collision attacks are less efficient in classical implementation contexts, e.g. 8-bit microcontrollers leaking according to a linear power consumption model. We also observe that the detection of collisions in software devices may be difficult in the case of optimized implementations, because of less regular assembly code. Interestingly, the soft decoding approach is particularly useful in these more challenging scenarios. Finally, we show that there exist (theoretical) contexts in which collision attacks succeed in exploiting leakages, whereas all other non-profiled side-channel attacks fail.

Footnotes

1. Actually, this corresponds to the square root of the Euclidean distance, but taking the root does not alter the ordering, hence there is no reason to consider it.

2. Since the Bayesian extension does not modify the ordering of the scores, using it only makes sense when applying the LDPC decoding algorithm.

3. Increasing the basis with non-linear elements would not solve this issue as long as only non-profiled attacks are considered: by over-fitting, it would lead to more precise leakage models for both the correct key candidates and the wrong ones.
Metadata
Title
Unified and optimized linear collision attacks and their application in a non-profiled setting: extended version
Authors
Benoît Gérard
François-Xavier Standaert
Publication date
01.04.2013
Publisher
Springer-Verlag
Published in
Journal of Cryptographic Engineering / Issue 1/2013
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI
https://doi.org/10.1007/s13389-013-0051-9
