Paper 2007/318
On the complexity of side-channel attacks on AES-256 -- methodology and quantitative results on cache attacks
Michael Neve and Kris Tiri
Abstract
Larger key lengths translate into an exponential increase in the complexity of an exhaustive search. Side-channel attacks, however, use a divide-and-conquer approach and hence it is generally assumed that increasing the key length cannot be used as mitigation. Yet, the internal round structure of AES-256 and its key-scheduling seem to hinder a direct extension of the existing attacks on AES-128 and thus challenge the proposition above. Indeed two consecutives round keys are required to infer the secret key and the MixColumns operation, not present in the last round, apparently increases the key search complexity from to 2^8 to 2^32. Additionally, it is unclear what the impact of the different round structures is on the number of required measurements. In this paper, we explore this question and show how to attack AES-256 with a key search complexity of O(2^8). This work confirms with practical experiments that AES-256 only offers a marginal increase in resistance against the attacks –both in the required number of measurements and in the required processing time. As an example, we quantify this increase for the case of cache-based side-channel attacks: AES-256 only provides an increase in complexity of 6 to 7 compared to cache-based attacks on AES-128.
Metadata
- Available format(s)
- Publication info
- Published elsewhere. Unknown where it was published
- Contact author(s)
- michael neve de mevergnies @ intel com
- History
- 2007-08-16: received
- Short URL
- https://ia.cr/2007/318
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/318, author = {Michael Neve and Kris Tiri}, title = {On the complexity of side-channel attacks on {AES}-256 -- methodology and quantitative results on cache attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2007/318}, year = {2007}, url = {https://eprint.iacr.org/2007/318} }