Paper 2015/542
Improved Side-Channel Analysis of Finite-Field Multiplication
Sonia Belaïd, Jean-Sébastien Coron, Pierre-Alain Fouque, Benoît Gérard, Jean-Gabriel Kammerer, and Emmanuel Prouff
Abstract
A side-channel analysis of multiplication in GF(2^{128}) has recently been published by Belaïd, Fouque and Gérard at Asiacrypt 2014, with an application to AES-GCM. Using the least significant bit of the Hamming weight of the multiplication result, the authors have shown how to recover the secret multiplier efficiently. However such least significant bit is very sensitive to noise measurement; this implies that without averaging their attack can only work for high signal-to-noise ratios (SNR > 128). In this paper we describe a new side-channel attack against the multiplication in GF(2^{128}) that uses the most significant bits of the Hamming weight. We show that much higher values of noise can be then tolerated. For instance with an SNR equal to 8, the key can be recovered using 2^{20} consumption traces with time and memory complexities respectively equal to 2^{51.68} and 2^{36}. We moreover show that the new method can be extended to attack the fresh re-keying countermeasure proposed by Medwed, Standaert, Großschädl and Regazzoni at Africacrypt 2010.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in CHES 2015
- Keywords
- Side-Channel AnalysisGalois Field MultiplicationLPN problem
- Contact author(s)
- sonia belaid @ live fr
- History
- 2015-06-08: received
- Short URL
- https://ia.cr/2015/542
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/542,
author = {Sonia Belaïd and Jean-Sébastien Coron and Pierre-Alain Fouque and Benoît Gérard and Jean-Gabriel Kammerer and Emmanuel Prouff},
title = {Improved Side-Channel Analysis of Finite-Field Multiplication},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/542},
year = {2015},
url = {https://eprint.iacr.org/2015/542}
}
