Paper 2006/374

Robust Final-Round Cache-Trace Attacks Against AES

Joseph Bonneau


This paper describes an algorithm to attack AES using side-channel information from the final round cache lookups performed by the encryption, specifically whether each access hits or misses in the cache, building off of previous work by Aciicmez and Koc. It is assumed that an attacker could gain such a trace through power consumption analysis or electromagnetic analysis. This information has already been shown to lead to an effective attack. This paper interprets cache trace data available as binary constraints on pairs of key bytes then reduces key search to a constraint-satisfaction problem. In this way, an attacker is guaranteed to perform as little search as is possible given a set of cache traces, leading to a natural tradeoff between online collection and offline processing. This paper also differs from previous work in assuming a partially pre-loaded cache, proving that cache trace attacks are still effective in this scenario with the number of samples required being inversely related to the percentage of cache which is pre-loaded.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
AEScryptanalysisside-channel attackpower analysiscache
Contact author(s)
jbonneau @ stanford edu
2006-11-03: received
Short URL
Creative Commons Attribution


      author = {Joseph Bonneau},
      title = {Robust Final-Round Cache-Trace Attacks Against {AES}},
      howpublished = {Cryptology ePrint Archive, Paper 2006/374},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.