Cryptology ePrint Archive: Report 2006/374

Robust Final-Round Cache-Trace Attacks Against AES

Joseph Bonneau

Abstract: This paper describes an algorithm to attack AES using side-channel information from the final round cache lookups performed by the encryption, specifically whether each access hits or misses in the cache, building off of previous work by Aciicmez and Koc. It is assumed that an attacker could gain such a trace through power consumption analysis or electromagnetic analysis. This information has already been shown to lead to an effective attack. This paper interprets cache trace data available as binary constraints on pairs of key bytes then reduces key search to a constraint-satisfaction problem. In this way, an attacker is guaranteed to perform as little search as is possible given a set of cache traces, leading to a natural tradeoff between online collection and offline processing. This paper also differs from previous work in assuming a partially pre-loaded cache, proving that cache trace attacks are still effective in this scenario with the number of samples required being inversely related to the percentage of cache which is pre-loaded.

Category / Keywords: implementation / AES, cryptanalysis, side-channel attack, power analysis, cache

Date: received 29 Oct 2006

Contact author: jbonneau at stanford edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20061103:162354 (All versions of this report)

Short URL: ia.cr/2006/374

Discussion forum: Show discussion | Start new discussion