Paper 2019/343

Optimizations of Side-Channel Attack on AES MixColumns Using Chosen Input

Aurelien Vasselle and Antoine Wurcker


Among the AES sub-steps that can be attacked with a small guess space, the most practical target is SubBytes in the first or last round: its non-linearity gives strong contrast between key candidates, and the search space splits into 2^8-sized blocks (one key byte at a time). When such points of interest are not available, MixColumns may be targeted instead, but each of its output bytes depends on four key bytes, so the search space splits into 2^32-sized blocks. Running that many hypotheses is often considered unrealistic, so published papers attack MixColumns with chosen inputs that bring the search space back down to 2^8-sized blocks. Several sets of chosen-input acquisitions are then required for the attack to succeed. Our contribution is an optimization of how the gained information is used, which drastically reduces the number of sets needed, down to a single set in some configurations.
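As an added illustration (code written for this page, not the authors' code), the algebra behind the search-space figures above, on one column of the first AES round: an output byte of MixColumns depends on four key bytes, but over a chosen-input set in which three column bytes are held fixed while one runs through all 256 values, each output byte collapses to a 2^8 function of one key byte XORed with a per-set constant. The "fix three, vary one" chosen-input strategy, the noiseless Hamming-weight leakage, the correlation distinguisher and the sample key are assumptions made for the demonstration; the paper's own optimization of how information is combined across sets is not reproduced here.

```python
import math

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1 with the x^8 term dropped
MC = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]  # MixColumns matrix


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return r


def _sbox_entry(x: int) -> int:
    """AES S-box: inverse in GF(2^8) as x^254 (so 0 -> 0), then the affine map."""
    inv = 1
    for _ in range(254):
        inv = gf_mul(inv, x)
    s = inv
    for sh in (1, 2, 3, 4):
        s ^= ((inv << sh) | (inv >> (8 - sh))) & 0xFF
    return s ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]


def round1_column(pt_col, key_col):
    """AddRoundKey -> SubBytes -> MixColumns on one column. ShiftRows only changes
    which four key bytes meet in a column, so it is folded away here."""
    s = [SBOX[p ^ k] for p, k in zip(pt_col, key_col)]
    return [gf_mul(s[0], m[0]) ^ gf_mul(s[1], m[1]) ^ gf_mul(s[2], m[2]) ^ gf_mul(s[3], m[3])
            for m in MC]


def chosen_input_set(fixed, vary_idx=0):
    """One acquisition set (assumed strategy): byte vary_idx runs over all 256
    values while the other three column bytes stay at `fixed`."""
    cols = []
    for v in range(256):
        col = list(fixed)
        col[vary_idx] = v
        cols.append(col)
    return cols


def set_constant(key_col, fixed, vary_idx=0, out_idx=0):
    """Contribution of the three fixed bytes to output byte out_idx. Constant over
    the set, but unknown to the attacker: it depends on the other three key bytes."""
    c = 0
    for i in range(4):
        if i != vary_idx:
            c ^= gf_mul(SBOX[fixed[i] ^ key_col[i]], MC[out_idx][i])
    return c


def verify_decomposition(key_col, fixed, vary_idx=0):
    """Check out[j] == MC[j][vary] * S(p ^ k_vary) ^ c_j over the whole set: every
    output byte now depends on one key byte (a 2^8 guess) plus a constant."""
    k = key_col[vary_idx]
    for col in chosen_input_set(fixed, vary_idx):
        out = round1_column(col, key_col)
        for j in range(4):
            expect = gf_mul(SBOX[col[vary_idx] ^ k], MC[j][vary_idx])
            if out[j] != expect ^ set_constant(key_col, fixed, vary_idx, j):
                return False
    return True


def hw(x):
    return bin(x).count("1")


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)


def simulate_leakage(key_col, fixed, vary_idx=0, out_idx=0):
    """Constructed noiseless Hamming-weight leakage of one MixColumns output byte
    for every input of the set: (varying plaintext byte, leakage)."""
    return [(col[vary_idx], hw(round1_column(col, key_col)[out_idx]))
            for col in chosen_input_set(fixed, vary_idx)]


def rank_guesses(traces, vary_idx=0, out_idx=0):
    """2^8 CPA: predict HW(MC[out][vary] * S(p ^ g)) for each guess g and rank by
    |correlation| with the leakage. The set constant c is not modelled: for a
    uniform x, corr(HW(x), HW(x ^ c)) = 1 - HW(c)/4, so a set whose c has weight 4
    says nothing about k_vary. Sets with other fixed bytes give other c values,
    which is why more than one set may be needed."""
    coeff = MC[out_idx][vary_idx]
    ps = [p for p, _ in traces]
    leak = [l for _, l in traces]
    scores = []
    for g in range(256):
        hyp = [hw(gf_mul(SBOX[p ^ g], coeff)) for p in ps]
        scores.append((abs(pearson(hyp, leak)), g))
    scores.sort(reverse=True)
    return scores


def find_fixed_bytes(key_col, target_hw, vary_idx=0, out_idx=0):
    """Demo helper (uses the key, so not an attacker capability): choose fixed
    bytes whose set constant has Hamming weight target_hw."""
    idx = (vary_idx + 1) % 4
    for v in range(256):
        fixed = [0, 0, 0, 0]
        fixed[idx] = v
        if hw(set_constant(key_col, fixed, vary_idx, out_idx)) == target_hw:
            return fixed
    return None
```

With a set whose constant is 0 the correct guess correlates perfectly and is ranked first; with a set whose constant has weight 4 the correct guess scores exactly zero and the set is useless on its own, which is the situation that forces additional chosen-input sets in the unoptimized attack.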

Category: Secret-key cryptography
Publication info: Preprint. Minor revision.
Keywords: AES, Advanced Encryption Standard, Side-channel, SCA, MixColumns
Contact author(s): wurcker01 @ gmail com; aurelien vasselle @ eshard com
History: 2019-04-03: received
License: Creative Commons Attribution


@misc{cryptoeprint:2019/343,
      author = {Aurelien Vasselle and Antoine Wurcker},
      title = {Optimizations of Side-Channel Attack on AES MixColumns Using Chosen Input},
      howpublished = {Cryptology ePrint Archive, Paper 2019/343},
      year = {2019},
      note = {\url{}},
      url = {}
}