Multiple-Differential Side-Channel Collision Attacks on AES Export

@incollection{citeulike:3388750, abstract = {In this paper, two efficient multiple-differential methods to detect collisions in the presence of strong noise are proposed - binary and ternary voting. After collisions have been detected, the cryptographic key can be recovered from these collisions using such recent cryptanalytic techniques as linear [1] and algebraic [2] collision attacks. We refer to this combination of the collision detection methods and cryptanalytic techniques as multiple-differential collision attacks (MDCA). When applied to AES, MDCA using binary voting without profiling requires about 2.7 to 13.2 times less traces than the Hamming-weight based CPA for the same implementation. MDCA on AES using ternary voting with profiling and linear key recovery clearly outperforms CPA by requiring only about 6 online measurements for the range of noise amplitudes where CPA requires from 163 to 6912 measurements. These attacks do not need the S-box to be known. Moreover, neither key nor plaintexts have to be known to the attacker in the profiling stage.}, author = {Bogdanov, Andrey}, citeulike-article-id = {3388750}, citeulike-linkout-0 = {http://dx.doi.org/10.1007/978-3-540-85053-3_3}, citeulike-linkout-1 = {http://www.springerlink.com/content/v083m7t08lrt3547}, doi = {10.1007/978-3-540-85053-3_3}, journal = {Cryptographic Hardware and Embedded Systems – CHES 2008}, keywords = {covert\_channel, cryptograhy, security}, pages = {30--44}, posted-at = {2008-10-09 03:11:24}, priority = {2}, title = {Multiple-Differential Side-Channel Collision Attacks on AES}, url = {http://dx.doi.org/10.1007/978-3-540-85053-3_3}, year = {2008} }

TY - CHAP ID - citeulike:3388750 L3 - citeulike-article-id:3388750 N2 - In this paper, two efficient multiple-differential methods to detect collisions in the presence of strong noise are proposed - binary and ternary voting. After collisions have been detected, the cryptographic key can be recovered from these collisions using such recent cryptanalytic techniques as linear [1] and algebraic [2] collision attacks. We refer to this combination of the collision detection methods and cryptanalytic techniques as multiple-differential collision attacks (MDCA). When applied to AES, MDCA using binary voting without profiling requires about 2.7 to 13.2 times less traces than the Hamming-weight based CPA for the same implementation. MDCA on AES using ternary voting with profiling and linear key recovery clearly outperforms CPA by requiring only about 6 online measurements for the range of noise amplitudes where CPA requires from 163 to 6912 measurements. These attacks do not need the S-box to be known. Moreover, neither key nor plaintexts have to be known to the attacker in the profiling stage. JF - Cryptographic Hardware and Embedded Systems – CHES 2008 EP - 44 TI - Multiple-Differential Side-Channel Collision Attacks on AES SP - 30 KW - covert_channel KW - cryptograhy KW - security AU - Bogdanov, Andrey PY - 2008/// UR - http://dx.doi.org/10.1007/978-3-540-85053-3_3 ER -