Enhancing Collision Attacks

Ledig, Hervé; Muller, Frédéric; Valette, Frédéric

doi:10.1007/978-3-540-28632-5_13

Cited by 27 publications

(30 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another possibility is to use Side-Channel Collision Attacks (proposed against the DES in [25], and enhanced in [14]). For example, in [3], the author introduces the notion of generalized internal collisions for the AES.…”

Section: Fig 2 Three Interesting Leakage Points In the First Aes Roundmentioning

confidence: 99%

Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

Medwed

Petit

Regazzoni

et al. 2011

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. Security-aware embedded systems are widespread nowadays and many applications, such as payment, pay-TV and automotive applications rely on them. These devices are usually very resource constrained but at the same time likely to operate in a hostile environment. Thus, the implementation of low-cost protection mechanisms against physical attacks is vital for their market relevance. An appealing choice, to counteract a large family of physical attacks with one mechanism, seem to be protocol-level countermeasures. At last year's Africacrypt, a fresh re-keying scheme has been presented which combines the advantages of re-keying with those of classical countermeasures such as masking and hiding. The contribution of this paper is threefold: most importantly, the original fresh re-keying scheme was limited to one low-cost party (e.g. an RFID tag) in a two party communication scenario. In this paper we extend the scheme to n low-cost parties and show that the scheme is still secure. Second, one unanswered question in the original paper was the susceptibility of the scheme to algebraic SPA attacks. Therefore, we analyze this property of the scheme. Finally, we implemented the scheme on a common 8-bit microcontroller to show its efficiency in software.

show abstract

Section: Fig 2 Three Interesting Leakage Points In the First Aes Roundmentioning

confidence: 99%

Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

Medwed

Petit

Regazzoni

et al. 2011

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

show abstract

“…In fact, the most noticeable exceptions attempting to better exploit computational power in physical attacks are based on advanced techniques, e.g. exploiting the detection of collisions [5,18,31,32], or taking advantage of algebraic cryptanalysis [6,23,27,28], of which the practical relevance remains an open question (because of stronger assumptions). But as again suggested by previous works in statistical cryptanalysis, optimal key ranking procedures would be a more direct approach in order to better trade data and time complexities in "standard" side-channel attacks.…”

Section: Introductionmentioning

confidence: 99%

An Optimal Key Enumeration Algorithm and Its Application to Side-Channel Attacks

Veyrat-Charvillon

Gérard

Renauld

et al. 2013

Lecture Notes in Computer Science

103

View full text Add to dashboard Cite

Abstract. Methods for enumerating cryptographic keys based on partial information obtained on key bytes are important tools in cryptanalysis. This paper discusses two contributions related to the practical application and algorithmic improvement of such tools. On the one hand, we observe that modern computing platforms allow performing very large amounts of cryptanalytic operations, approximately reaching 2 50 to 2 60 block cipher encryptions. As a result, cryptographic key sizes for such ciphers typically range between 80 and 128 bits. By contrast, the evaluation of leaking devices is generally based on distinguishers with very limited computational cost, such as Kocher's Differential Power Analysis. We bridge the gap between these cryptanalytic contexts and show that giving side-channel adversaries some computing power has major consequences for the security of leaking devices. For this purpose, we first propose a Bayesian extension of non-profiled side-channel attacks that allows us to rate key candidates in function of their respective probabilities. Next, we investigate the impact of key enumeration taking advantage of this Bayesian formulation, and quantify the resulting reduction in the data complexity of the attacks. On the other hand, we observe that statistical cryptanalyses usually try to reduce the number and size of lists corresponding to partial information on key bytes, in order to limit the time and memory complexity of the key enumeration. Quite surprisingly, few solutions exist that allow an efficient merging of large lists of subkey candidates. We provide a new deterministic algorithm that significantly reduces the number of keys to test in a divide-and-conquer attack, at the cost of limited (practically tractable) memory requirements. It allows us to optimally enumerate key candidates from any number of (possibly redundant) lists of any size, given that the subkey information is provided as probabilities. As an illustration, we finally exhibit side-channel cryptanalysis experiments where the correct key candidate is ranked up to position 2 32 , in which our algorithm reduces the number of keys to test offline by an average factor 2 5 and a factor larger than 2 10 in the worst observed cases, compared to previous solutions. We also suggest examples of statistical attacks in which the new deterministic algorithm would allow improved results.

show abstract

“…The work of [21] and in particular recent works on collision attacks [3,4,5,6,7] veer away from long sequences of instructions [22,15], e.g. collisions that persist for an entire round, and target short-scale intermediate results.…”

Section: Introductionmentioning

confidence: 99%

Differential Cluster Analysis

Batina

Gierlichs

Lemke‐Rust

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a new technique called Differential Cluster Analysis for side-channel key recovery attacks. This technique uses cluster analysis to detect internal collisions and it combines features from previously known collision attacks and Differential Power Analysis. It captures more general leakage features and can be applied to algorithmic collisions as well as implementation specific collisions. In addition, the concept is inherently multivariate. Various applications of the approach are possible: with and without power consumption model and single as well as multi-bit leakage can be exploited. Our findings are confirmed by practical results on two platforms: an AVR microcontroller with implemented DES algorithm and an AES hardware module. To our best knowledge, this is the first work demonstrating the feasibility of internal collision attacks on highly parallel hardware platforms. Furthermore, we present a new attack strategy for the targeted AES hardware module.

show abstract

Enhancing Collision Attacks

Cited by 27 publications

References 11 publications

Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

An Optimal Key Enumeration Algorithm and Its Application to Side-Channel Attacks

Differential Cluster Analysis

Contact Info

Product

Resources

About