Block-oriented correlation power analysis with bitwise linear leakage: An artificial intelligence approach based on genetic algorithms

Abstract

Correlation power analysis (CPA) is known as a powerful method used to launch side-channel attacks on cryptographic devices. In the classic approach, the key is recovered word by word, whose length is usually determined by S-box. For parallel hardware implementations, the power consumption of the target intermediate state except the analyzed word is regarded as noise, which not only reduces the efficiency of CPA but also is a wast of information. Improved methods combining CPA with genetic algorithms were introduced by Zhang et al. (2015), and extended by Ding et al. (2019), in which all key words were processed simultaneously and power consumptions of S-box operations are fully utilized. While, for most hardware implementations, the leakage of S-box operations is not significant enough to support power analysis, such as implementing S-box and mixColumn together or locating registers after addRoundkey instead of S-box in AES.In this paper, we focus on a class of block ciphers which involve keys with XOR operation, and have bitwise linear leakages in their implementations. As far as we know, most block ciphers especially light weight block ciphers belong to this kind. Taking full use of genetic algorithms, a method processing a candidate key as a whole block instead of a combination of key words is proposed. We customize the genetic algorithm for this block-oriented CPA (BCPA) by selecting operators and determining parameters experimentally with respect to a 128-bit block cipher. simulation experimental results show that to achieve success rate 90%, BCPA requires only 600 traces which is 78.13% less than classic CPA and the corresponding computation cost of correlation coefficient is 60% less than classic CPA. when compared with key enumeration algorithm, our method requires 33.33% less traces to achieve success rate 90%, and has exponentially lower time complexity. experiments performed on SAKURA-G board verify the efficiency of BCPA when applied on AES-128. the number of traces required by BCPA to recover the whole key almost reaches the theoretical minimal threshold of attacks based on correlation coefficients, and is nearly 47.14% of classic CPA.