Cryptology ePrint Archive: Report 2014/365

Multi-target DPA attacks: Pushing DPA beyond the limits of a desktop computer

Luke Mather and Elisabeth Oswald and Carolyn Whitnall

Abstract: Following the pioneering CRYPTO '99 paper by Kocher et al., differential power analysis (DPA) was initially geared around low-cost computations performed using standard desktop equipment with minimal reliance on device-specific assumptions. In subsequent years, the scope was broadened by, e.g., making explicit use of (approximate) power models. An important practical incentive of so-doing is to reduce the data complexity of attacks, usually at the cost of increased computational complexity. It is this trade-off which we seek to explore in this paper. We draw together emerging ideas from several strands of the literature---high performance computing, post-side-channel global key enumeration, and effective combination of separate information sources---by way of advancing (non-profiled) `standard DPA' towards a more realistic threat model in which trace acquisitions are scarce but adversaries are well resourced. Using our specially designed computing platform (including our parallel and scalable DPA implementation, which allows us to work efficiently with as many as 2^{32} key hypotheses), we demonstrate some dramatic improvements that are possible for `standard DPA' when combining DPA outcomes for several intermediate targets. Unlike most previous `information combining' attempts, we are able to evidence the fact that the improvements apply even when the exact trace locations of the relevant information (i.e. the `interesting points') are not known a priori but must be searched simultaneously with the correct subkey.

Category / Keywords: implementation / differential power analysis

Original Publication (with minor differences): IACR-ASIACRYPT-2014

Date: received 26 May 2014, last revised 8 Feb 2016

Contact author: elisabeth oswald at bristol ac uk, luke mather at bristol ac uk, carolyn whitnall at bristol ac uk

Available format(s): PDF | BibTeX Citation

Note: This article is the final version submitted by the authors to Springer-Verlag on 09 Nov 2014.

Version: 20160208:172554 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]