Abstract

Side-channel collision attacks are more powerful than traditional side-channel attacks and need neither knowledge of the leakage model nor a model to be established. Most previously proposed attack strategies need large numbers of power traces, have high computational complexity, and are sensitive to mistakes, which seriously restricts attack efficiency. In this paper, we propose a multiple-bits side-channel collision attack based on double distance voting detection (DDVD), together with an improved version involving an error-tolerant mechanism, which can find all 120 relations among the 16 key bytes when applied to the AES (Advanced Encryption Standard) algorithm. In addition, we compare our collision detection method, DDVD, with the Euclidean distance and the correlation-enhanced collision methods under different noise intensities; the comparison indicates that our detection technique performs better in the presence of noise. Furthermore, the 4-bit model of our collision detection method is proven to be optimal in theory and in practice. The corresponding practical attack experiments are also performed successfully on a hardware implementation of AES-128 on an FPGA board. Results show that our strategy needs less computation time but more traces than the LDPC method, and that the online time for our strategy is about 90% less than CECA and 96% less than BCA with a 90% success rate.

Highlights

  • Modern cryptographic algorithms have been proven to be safe mathematically, but this does not mean that the physical implementation is safe enough, where an attacker can obtain some physical information from side channels

  • Since Differential Power Analysis (DPA), whose distinguisher is the difference of the mean traces, was proposed in 1997 [2], various distinguishers have been designed and improved to enhance attack ability and efficiency, for example, the Pearson correlation coefficient as a distinguisher for Correlation Power Analysis (CPA) [3], mutual information for Mutual Information Analysis (MIA) [4], and maximum likelihood for Template Attack (TA) [5, 6] and Template Based DPA [7]

  • Operation on k1m and k2m corresponding to S-box 1 and S-box 2 is taken as an example to present the process of double distance voting detection

Summary

Introduction

Modern cryptographic algorithms have been proven to be safe mathematically, but this does not mean that the physical implementation is safe enough, where an attacker can obtain some physical information from side channels. In 2010, Moradi proposed a correlation-enhanced method [15] that improves the probability of collision, but it may need lots of average power traces to perform an attack and is sensitive to errors. In 2011, Bogdanov proposed an attack strategy [17] that uses the results of DPA to test chains separately. This method can improve the success probability in a sense, but it cannot check the mistakes in collision detection, which highly impact the attack results.

Preliminaries
A Novel Framework of Multiple-Bits Collision Attack
Improved Framework
Model Analysis and Experiments Results
Conclusion