Template Attacks in Principal Subspaces

Archambeau, Cédric; Peeters, Eric; Standaert, François‐Xavier; Quisquater, J.-J.

doi:10.1007/11894063_1

Cited by 204 publications

(203 citation statements)

References 11 publications

Supporting

Mentioning

186

Contrasting

Unclassified

Order By: Relevance

“…Due to the large dimensionality of the leakage traces, a number of heuristics have been proposed in the open literature in order to reduce the number of leakage samples to tractable values. In this paper, we consider the Principal Component Analysis (PCA) described in [3], of which we now recall the necessary background. For more details, we refer to the original paper.…”

Section: Information Extraction: Template Attacks In Principal Subspacesmentioning

confidence: 99%

Information Theoretic Evaluation of Side-Channel Resistant Logic Styles

Macé

Standaert

Quisquater

Cryptographic Hardware and Embedded Systems - CHES 2007

View full text Add to dashboard Cite

Abstract. We propose to apply an information theoretic metric to the evaluation of side-channel resistant logic styles. Due to the long design and development time required for the physical evaluation of such hardware countermeasures, our analysis is based on simulations. Although they do not aim to replace the need of actual measurements, we show that simulations can be used as a meaningful first step in the validation chain of a cryptographic product. For illustration purposes, we apply our methodology to gate-level simulations of different logic styles and stress that it allows a significant improvement of the previously considered evaluation methods. In particular, our results allow putting forward the respective strengths and weaknesses of actual countermeasures and determining to which extent they can practically lead to secure implementations (with respect to a noise parameter), if adversaries were provided with simulation-based side-channel traces. Most importantly, the proposed methodology can be straightforwardly adapted to adversaries provided with any other kind of leakage traces (including physical ones).

show abstract

Section: Information Extraction: Template Attacks In Principal Subspacesmentioning

confidence: 99%

Information Theoretic Evaluation of Side-Channel Resistant Logic Styles

Macé

Standaert

Quisquater

Cryptographic Hardware and Embedded Systems - CHES 2007

View full text Add to dashboard Cite

show abstract

“…Subsequent works have then been published which either show how to apply them against particular implementations (e.g. AES, RSA or ECDSA) or propose efficiency/effectiveness improvements [1,3,27,29]. In [27], the authors reduce the complexity of template attacks by first applying a pre-processing on the measurements (to go from time domain to frequency domain) and then by applying dimension reduction techniques (e.g.…”

Section: Practical Evaluation Of Template Attacksmentioning

confidence: 99%

“…PCA). The latter idea is also followed in [1] and [3]. In all those papers, the improvement of the template attacks efficiency is not studied at the algorithmic level.…”

Section: Practical Evaluation Of Template Attacksmentioning

confidence: 99%

“…In spite of the evidence of this observation, it is rarely taken into account when analysing the effectiveness of a side channel attack. Such an analysis is indeed frequently done under the assumption, sometimes implicit, that a small number of points of interest (POI) has already been extracted from the traces either by pattern matching [21], or by dimension reduction [1,6,7,32] or thanks to a previous successful attack [10,29]. However, the two first categories of techniques are not yet perfect and, after reduction, the traces are often still composed of several points in practice.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Behind the Scene of Side Channel Attacks

Lomné

Prouff

Roche

2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

Abstract. Since the introduction of side channel attacks in the nineties, a large amount of work has been devoted to their effectiveness and efficiency improvements. On the one side, general results and conclusions are drawn in theoretical frameworks, but the latter ones are often set in a too ideal context to capture the full complexity of an attack performed in real conditions. On the other side, practical improvements are proposed for specific contexts but the big picture is often put aside, which makes them difficult to adapt to different contexts. This paper tries to bridge the gap between both worlds. We specifically investigate which kind of issues is faced by a security evaluator when performing a state of the art attack. This analysis leads us to focus on the very common situation where the exact time of the sensitive processing is drown in a large number of leakage points. In this context we propose new ideas to improve the effectiveness and/or efficiency of the three considered attacks. In the particular case of stochastic attacks, we show that the existing literature, essentially developed under the assumption that the exact sensitive time is known, cannot be directly applied when the latter assumption is relaxed. To deal with this issue, we propose an improvement which makes stochastic attack a real alternative to the classical correlation power analysis. Our study is illustrated by various attack experiments performed on several copies of three micro-controllers with different CMOS technologies (respectively 350, 130 and 90 nanometers).

show abstract

“…Note that the notion of profiling for our collision detection techniques is different from that for template attacks [14], [15]. While template attacks require detailed knowledge of the implementation in the profiling stage, the only information needed in the profiling stage of the collision detection methods is the time interval when the S-boxes are executed.…”

Section: Introductionmentioning

confidence: 99%

Multiple-Differential Side-Channel Collision Attacks on AES

Bogdanov

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, two efficient multiple-differential methods to detect collisions in the presence of strong noise are proposed -binary and ternary voting. After collisions have been detected, the cryptographic key can be recovered from these collisions using such recent cryptanalytic techniques as linear [1] and algebraic [2] collision attacks. We refer to this combination of the collision detection methods and cryptanalytic techniques as multiple-differential collision attacks (MDCA).When applied to AES, MDCA using binary voting without profiling requires about 2.7 to 13.2 times less traces than the Hamming-weight based CPA for the same implementation. MDCA on AES using ternary voting with profiling and linear key recovery clearly outperforms CPA by requiring only about 6 online measurements for the range of noise amplitudes where CPA requires from 163 to 6912 measurements. These attacks do not need the S-box to be known. Moreover, neither key nor plaintexts have to be known to the attacker in the profiling stage.

show abstract

Template Attacks in Principal Subspaces

Cited by 204 publications

References 11 publications

Information Theoretic Evaluation of Side-Channel Resistant Logic Styles

Information Theoretic Evaluation of Side-Channel Resistant Logic Styles

Behind the Scene of Side Channel Attacks

Multiple-Differential Side-Channel Collision Attacks on AES

Contact Info

Product

Resources

About