A Strict Key Enumeration Algorithm for Dependent Score Lists of Side-Channel Attacks

Abstract

Post-processing of side-channel attack trades computational efforts to recover the secret key even when some subkeys are not ranked the highest in their score lists. Recently, many key enumeration (KE) algorithms have been proposed, which attempt to effectively enumerate the key candidates in the sequence of the score of the combined key. However, the existing KE algorithm can only combine the score lists of independent subkeys. In this paper, we consider a more general key enumeration algorithm, which can combine the score lists that are internally restricted by each other. The proposed key enumeration algorithm can for example combine the score lists for \(k_0\), \(k_1\) and \(k_0 \oplus k_1\), while the existing KE algorithms cannot be directly extended to solve this problem efficiently. We propose an efficient strict key enumeration algorithm that can run recursively for dependent score lists. With simulated side-channel leakage of AES-128, the proposed KE algorithm can enumerate the key according to 16 score lists of subkeys and 15 score lists of subkey difference. This KE algorithm can enumerate up to \(2^{21}\) keys using 5 h and 128 MB of RAM with a normal PC. By taking advantage of the dependent score lists, the key recovery experiments using simulated power data show that the success rate is largely improved in general. The rank of correct key is statistically higher with the additionally used score lists.