Multi-target DPA Attacks: Pushing DPA Beyond the Limits of a Desktop Computer

Mather, Luke; Oswald, Elisabeth; Whitnall, Carolyn

doi:10.1007/978-3-662-45611-8_13

Cited by 32 publications

(16 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fantomas. Our attack against the implementation of Fantomas is a multi-target attack [26] because a normal attack failed to recover two bits of each attacked subkey. The multi-target attack enabled us to reveal the four key-bytes using 165 traces with 100% success rate.…”

Section: Resultsmentioning

confidence: 99%

Correlation Power Analysis of Lightweight Block Ciphers: From Theory to Practice

Biryukov

Dinu

Großschädl

2016

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Side-Channel Analysis (SCA) represents a serious threat to the security of millions of smart devices that form part of the so-called Internet of Things (IoT). Choosing the "right" cryptographic primitive for the IoT is a highly challenging task due to the resource constraints of IoT devices and the variety of primitives. An important criterion to assess the suitability of a lightweight cipher with respect to SCA is the amount of leakage available to an adversary. In this paper, we analyze the efficiency of different selection functions that are commonly used in Correlation Power Analysis (CPA) attacks on symmetric primitives. To this end, we attacked implementations of the lightweight block ciphers AES, Fantomas, LBlock, Piccolo, PRINCE, RC5, Simon, and Speck on an 8-bit AVR processor. By exploring the relation between the nonlinearity of the studied selection functions and the measured leakages, we discovered some imperfections when using nonlinearity to quantify the resilience against CPA. Then, we applied these findings in an evaluation of the "intrinsic" CPA-resistance of unprotected implementations of the eight mentioned ciphers. We show that certain implementation aspects can influence the leakage level and try to explain why. Our results shed new light on the resilience of basic operations executed by these ciphers against CPA and help to bridge the gap between theory and practice.

show abstract

Section: Resultsmentioning

confidence: 99%

Correlation Power Analysis of Lightweight Block Ciphers: From Theory to Practice

Biryukov

Dinu

Großschädl

2016

Applied Cryptography and Network Security

View full text Add to dashboard Cite

show abstract

“…With the increase number of power traces, the correct key will reach the first position. Martin et al constructed an extremely efficient algorithm that accurately computing the rank of a (known) key in the list of all keys [8]. This approach is tweaked and can be also utilised to enumerate the most likely keys in a parallel fashion.…”

Section: Related Workmentioning

confidence: 99%

“…They don't consider the relationship between the repetitions and guessing entropy. So, very different from [8], we make use of the information leaking from the guessing entropy to recover the key rather than only a kind of evaluation in this paper. Our scheme significantly improves the efficiency of CPA.…”

Section: Related Workmentioning

confidence: 99%

Uncertain? No, It’s Very Certain!

Zhu

Sun

et al. 2016

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

“…This is illustrated by recent work, e.g. [1,22] investigates the usage of graphics processing units to accelerate the computation while [20] explores the sophisticated usage of high-performance computing in this setting. Although many hardware designers and power analysis experts report whether the implementations of their techniques withstand (higher order) correlation attacks, it is often not reported how much time was required to mount such attacks.…”

Section: Introductionmentioning

confidence: 97%

Computational aspects of correlation power analysis

Bottinelli

Bos

2016

J Cryptogr Eng

View full text Add to dashboard Cite

Since the discovery of simple power attacks, the cryptographic research community has developed significantly more advanced attack methods. The idea behind most algorithms remains to perform a statistical analysis by correlating the power trace obtained when executing a cryptographic primitive to a key-dependent guess. With the advancements of cryptographic countermeasures, it is not uncommon that sophisticated (higher order) power attacks require computation on many millions of power traces to find the desired correlation. In this paper, we study the computational aspects of calculating the most widely used correlation coefficient: the Pearson product-moment correlation coefficient. We study various time-memory trade-off techniques which apply specifically to the cryptologic setting and present methods to extend already completed computations using incremental versions. Moreover, we show how this technique can be applied to second-order attacks, reducing the attack cost significantly when adding new traces to an existing dataset. We also present methods which allow one to split the potentially huge trace set into smaller, more manageable chunks to reduce the memory requirements. Our parallel implementation of these techniques highlights the benefits of this approach as it allows efficient computations on power measurements consisting of hundreds of gigabytes on a single modern workstation.

show abstract

Multi-target DPA Attacks: Pushing DPA Beyond the Limits of a Desktop Computer

Cited by 32 publications

References 24 publications

Correlation Power Analysis of Lightweight Block Ciphers: From Theory to Practice

Correlation Power Analysis of Lightweight Block Ciphers: From Theory to Practice

Uncertain? No, It’s Very Certain!

Computational aspects of correlation power analysis

Contact Info

Product

Resources

About