Paper 2009/279

Algebraic Side-Channel Attacks

Mathieu Renauld and Francois-Xavier Standaert


In 2002, algebraic attacks using overdefined systems of equations were proposed as a potentially very powerful cryptanalysis technique against block ciphers. However, although a number of convincing experiments have been performed against certain reduced algorithms, it is not clear whether these attacks can be successfully applied in general and to a large class of ciphers. In this paper, we show that algebraic techniques can be combined with side-channel attacks in a very effective and natural fashion. As an illustration, we apply them to the block cipher PRESENT, which is a stimulating first target due to its simple algebraic structure. The proposed attacks have a number of interesting features: (1) they exploit the information leakages of all the cipher rounds, (2) in common implementation contexts (e.g. assuming a Hamming weight leakage model), they recover the block cipher keys after the observation of a single encryption, (3) these attacks can succeed in an unknown-plaintext/ciphertext adversarial scenario and (4) they directly defeat countermeasures such as boolean masking. Finally, we argue that algebraic side-channel attacks can take advantage of any kind of physical leakage, leading to a new tradeoff between the robustness and informativeness of the side-channel information extraction.
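As an added illustration, not code from the paper, of why the Hamming weight leakage model mentioned in the abstract is so informative for PRESENT: the two leaked weights (of an S-box input and of its output) act as extra equations on the four unknown input bits, and enumerating that small system shows how few candidates survive. The S-box table is the one from the PRESENT specification; the plaintext and key nibble values are constructed, and the leakage is assumed noiseless.

```python
from collections import Counter
from itertools import product

# PRESENT 4-bit S-box, as given in the cipher specification.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(v: int) -> int:
    """Hamming weight of a small non-negative integer."""
    return bin(v).count("1")


def sbox_candidates(hw_in: int, hw_out: int) -> list[int]:
    """All S-box inputs x consistent with leaked HW(x) and HW(S(x)).

    In the algebraic formulation these two leakages are extra equations
    on the 4 input bits; here we enumerate the solutions directly."""
    return [x for x in range(16)
            if hw(x) == hw_in and hw(PRESENT_SBOX[x]) == hw_out]


def ambiguity_profile() -> dict[int, int]:
    """Map 'number of surviving inputs' -> 'number of (HW_in, HW_out)
    pairs that leave exactly that many'.  A profile dominated by small
    classes means the leakage pins the S-box input down almost fully."""
    sizes = [len(sbox_candidates(i, o))
             for i, o in product(range(5), range(5))]
    return dict(Counter(s for s in sizes if s > 0))


def key_nibble_candidates(plaintext_nibble: int,
                          hw_in: int, hw_out: int) -> list[int]:
    """Key nibbles k consistent with leakage on x = p ^ k and on S(x)
    (known-plaintext case; the first round of PRESENT XORs the key
    into the state before the S-box layer)."""
    return sorted(plaintext_nibble ^ x
                  for x in sbox_candidates(hw_in, hw_out))


if __name__ == "__main__":
    # Constructed values: simulate noiseless HW leakage for one key nibble.
    p, k = 0x3, 0xA
    x = p ^ k
    leak_in, leak_out = hw(x), hw(PRESENT_SBOX[x])
    print("surviving key nibbles:", key_nibble_candidates(p, leak_in, leak_out))
    print("ambiguity profile:", ambiguity_profile())
```

Over the 25 possible weight pairs only 10 actually occur, and only one of them (weight 1 in, weight 2 out) leaves as many as four candidates; every other observable pair leaves one or two, which is why a single trace over all rounds suffices in the paper's setting.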

Publication info
Published elsewhere. Unknown where it was published
Keywords: cryptanalysis, side-channel attacks, block ciphers
Contact author(s)
fstandae @ uclouvain be
2009-06-11: received
Creative Commons Attribution


@misc{cryptoeprint:2009/279,
      author = {Mathieu Renauld and Francois-Xavier Standaert},
      title = {Algebraic Side-Channel Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2009/279},
      year = {2009},
      note = {\url{}},
      url = {}
}