Paper 2009/127

Side Channel Cube Attacks on Block Ciphers

Itai Dinur and Adi Shamir

Abstract

In this paper we formalize the notion of leakage attacks on iterated block ciphers, in which the attacker can find (via physical probing, power measurement, or any other type of side channel) one bit of information about the intermediate state of the encryption after each round. Since bits computed during the early rounds can be typically represented by low degree multivariate polynomials, cube attacks seem to be an ideal generic key recovery technique in these situations. However, the original cube attack requires extremely clean data, whereas the information provided by side channel attacks can be quite noisy. To address this problem, we develop a new variant of cube attack which can tolerate considerable levels of noise (affecting more than 11% of the leaked bits in practical scenarios). Finally, we demonstrate our approach by describing efficient leakage attacks on two of the best known block ciphers, AES (requiring about $2^{35}$ time for full key recovery) and SERPENT (requiring about $2^{18}$ time for full key recovery).
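To make the cube-attack step of the abstract concrete, the following is an added Python example, not code from the paper: a constructed toy leaked bit (a low-degree GF(2) polynomial in four plaintext bits and four key bits) stands in for the intermediate-state bit revealed after an early round, cube summation isolates its superpoly, a BLR linearity test discards cubes whose superpoly is nonlinear in the key, and the key is recovered from the resulting linear equations. The polynomial, the cubes and the key size are all assumptions of the example; it uses clean leakage, so the paper's noise-tolerant variant is not reproduced here.

```python
import itertools
import random

N_PUB, N_KEY = 4, 4   # public (plaintext) bits and key bits of the toy cipher

def leaked_bit(v, k):
    """Constructed toy leakage oracle: a low-degree GF(2) polynomial in public bits v, key bits k."""
    return (v[0]&v[1]&k[0] ^ v[0]&v[1]&k[2] ^ v[0]&v[1]&v[2]&k[1] ^ v[0]&v[2]&k[3]
            ^ v[1]&v[3]&k[2] ^ v[1]&v[2]&k[1]&k[2] ^ v[0]&k[3] ^ v[2] ^ k[0]&k[1] ^ 1)

def cube_sum(f, cube, k):
    """Sum f over all 2^|cube| assignments of the cube variables (other public bits fixed to 0).
    Over GF(2) every term missing a cube variable cancels; what survives is the superpoly."""
    total = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB
        for i, b in zip(cube, bits):
            v[i] = b
        total ^= f(v, k)
    return total

def linear_superpoly(f, cube, trials=20):
    """Offline phase (attacker picks the key): BLR linearity test of the superpoly, then read off
    its constant and the coefficient of each key bit. Returns (coeffs, const) or None."""
    s = lambda k: cube_sum(f, cube, k)
    zero = [0] * N_KEY
    for _ in range(trials):
        x = [random.randint(0, 1) for _ in range(N_KEY)]
        y = [random.randint(0, 1) for _ in range(N_KEY)]
        if s(x) ^ s(y) ^ s([a ^ b for a, b in zip(x, y)]) ^ s(zero):
            return None                      # nonlinear superpoly: this cube is unusable
    const = s(zero)
    return [s([int(i == j) for j in range(N_KEY)]) ^ const for i in range(N_KEY)], const

def recover_key(f, secret_key, cubes):
    """Online phase: sum the victim's leaked bits over each usable cube (simulated here by
    calling f with the unknown key) to obtain the superpoly's value, then solve the linear system."""
    eqs = []
    for cube in cubes:
        lin = linear_superpoly(f, cube)
        if lin is not None:
            coeffs, const = lin
            eqs.append((coeffs, cube_sum(f, cube, secret_key) ^ const))
    # The system is linear over GF(2); at toy size we simply check all 2^N_KEY candidates,
    # where a real attack would run Gaussian elimination.
    def satisfies(k):
        return all(sum(c & b for c, b in zip(coeffs, k)) % 2 == rhs for coeffs, rhs in eqs)
    sols = [list(k) for k in itertools.product((0, 1), repeat=N_KEY) if satisfies(k)]
    return sols[0] if len(sols) == 1 else None
```

With the cubes (0,1), (0,1,2), (0,2), (1,3) the superpolys are k0+k2, k1, k3 and k2, while cube (1,2) yields k1*k2 and is rejected by the linearity test.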

Metadata
Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Submitted to CHES 2009
Contact author(s): itaid @ weizmann ac il
History: 2009-03-20: received
Short URL: https://ia.cr/2009/127
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2009/127,
      author = {Itai Dinur and Adi Shamir},
      title = {Side Channel Cube Attacks on Block Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/127},
      year = {2009},
      url = {https://eprint.iacr.org/2009/127}
}