Paper 2015/535

ASCA, SASCA and DPA with Enumeration: Which One Beats the Other and When?

Vincent Grosso and François-Xavier Standaert

Abstract

We describe three contributions regarding the Soft Analytical Side-Channel Attacks (SASCA) introduced at Asiacrypt 2014. First, we compare them with Algebraic Side-Channel Attacks (ASCA) in a noise-free simulated setting. We observe that SASCA allow more efficient key recoveries than ASCA, even in this context (favorable to the latter). Second, we describe the first working experiments of SASCA against an actual AES implementation. Doing so, we analyse their profiling requirements, put forward the significant gains they provide over profiled Differential Power Analysis (DPA) in terms of number of traces needed for key recoveries, and discuss the specificities of such concrete attacks compared to simulated ones. Third, we evaluate the distance between SASCA and DPA enhanced with computational power to perform enumeration, and show that the gap between both attacks can be quite reduced in this case. Therefore, our results bring interesting feedback for evaluation laboratories. They suggest that in several relevant scenarios (e.g. attacks exploiting many known plaintexts), taking a small margin over the security level indicated by standard DPA with enumeration should be sufficient to prevent more elaborate attacks such as SASCA. By contrast, SASCA may remain the only option in more extreme scenarios (e.g. attacks with unknown plaintexts/ciphertexts or against leakage-resilient primitives). We conclude by recalling the algorithmic dependency of the latter attacks, and therefore that our conclusions are specific to the AES.

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Preprint. MINOR revision.
Contact author(s): fstandae @ uclouvain be
History: 2015-06-08: received
Short URL: https://ia.cr/2015/535
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2015/535,
      author = {Vincent Grosso and François-Xavier Standaert},
      title = {ASCA, SASCA and DPA with Enumeration: Which One Beats the Other and When?},
      howpublished = {Cryptology ePrint Archive, Paper 2015/535},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/535}},
      url = {https://eprint.iacr.org/2015/535}
}