Paper 2013/636

SCARE of Secret Ciphers with SPN Structures

Matthieu Rivain and Thomas Roche


Side-Channel Analysis (SCA) is commonly used to recover secret keys involved in the implementation of publicly known cryptographic algorithms. On the other hand, Side-Channel Analysis for Reverse Engineering (SCARE) considers an adversary who aims at recovering the secret design of some cryptographic algorithm from its implementation. Most of previously published SCARE attacks enable the recovery of some secret parts of a cipher design --{\it e.g.} the substitution box(es)-- assuming that the rest of the cipher is known. Moreover, these attacks are often based on idealized leakage assumption where the adversary recovers noise-free side-channel information. In this paper, we address these limitations and describe a generic SCARE attack that can recover the full secret design of any iterated block cipher with common structure. Specifically we consider the family of Substitution-Permutation Networks with either a classical structure (as the AES) or with a Feistel structure. Based on a simple and usual assumption on the side-channel leakage we show how to recover all parts of the design of such ciphers. We then relax our assumption and describe a practical SCARE attack that deals with noisy side-channel leakages.

Available format(s)
Publication info
A major revision of an IACR publication in ASIACRYPT 2013
Side-Channel AttacksReverse EngineeringSubstitution-Permutation Networks
Contact author(s)
matthieu rivain @ gmail com
2013-10-07: revised
2013-10-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Matthieu Rivain and Thomas Roche},
      title = {SCARE of Secret Ciphers with SPN Structures},
      howpublished = {Cryptology ePrint Archive, Paper 2013/636},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.