ASCA vs. SASCA - A Closer Look at the AES Key Schedule

Strieder, Emanuele and Ilg, Manuel and Heyszl, Johann and Unterstein, Florian and Streit, Silvan

doi:10.1007/978-3-031-29497-6_4

User: Guest

DBLP:conf/cosade/StriederIHUS23

Document type:: Konferenzbeitrag
Author(s):: Strieder, Emanuele and Ilg, Manuel and Heyszl, Johann and Unterstein, Florian and Streit, Silvan
Title:: ASCA vs. SASCA - A Closer Look at the AES Key Schedule
Abstract:: We compare two key recovery methods for single trace attacks on the AES key schedule. The 2018 CHES capture-the-flag (CTF) challenge which includes an unprotected key schedule raises the question, which method performs best during key recovery: Soft Analytical Side-Channel Attacks (SASCAs) or Algebraic Side-Channel Attacks (ASCAs). SASCAs as well as ASCAs exploit knowledge about the attacked algorithm by leakage recombination and allow for a computationally efficient key recovery based on e.g. Hamming Weight (HW) leakage. We use Belief Propagation (BP), which is the most popular choice for SASCA and a SAT solver as an ASCA algorithm. In this work we attack real traces of the CTF challenge to demonstrate the limitations of SASCAs while handling the XOR operation. We exemplify that SASCAs may not always be the most favorable solution. The comparison is solidified by evaluating the success rate of SASCAs and ASCAs with simulated HW leakage on varying noise levels. During attacks on the AES key schedule the convergence of BP is not only graph dependent but data dependent. Further, we discuss possible graph clusters and adaptations of the input distributions to mitigate the influence of the XOR operations and increase the success rate of BP. All experiments are compared against equivalent SAT solver approaches. Based on our results we propose a combination of brute-force and BP to level the performance of the SAT solver and BP. Apart from this, we address unsolved questions regarding the benefit of an early break of BP and point out implementation details which lead to a better success rate. «
We compare two key recovery methods for single trace attacks on the AES key schedule. The 2018 CHES capture-the-flag (CTF) challenge which includes an unprotected key schedule raises the question, which method performs best during key recovery: Soft Analytical Side-Channel Attacks (SASCAs) or Algebraic Side-Channel Attacks (ASCAs). SASCAs as well as ASCAs exploit knowledge about the attacked algorithm by leakage recombination and allow for a computationally efficient key recovery based on... »
Keywords:: SASCA · ASCA · Belief Propagation · SAT · AES · Key Schedule · Key Expansion
Dewey Decimal Classification:: 620 Ingenieurwissenschaften
Editor:: Kavun, Elif Bilge and Pehl, Michael
Book / Congress title:: Constructive Side-Channel Analysis and Secure Design - 14th International Workshop, COSADE 2023, Munich, Germany, April 3-4, 2023, Proceedings
Congress (additional information):: München
Volume:: 13979
Publisher:: Springer
Year:: 2023
Quarter:: 2. Quartal
Year / month:: 2023-04
Month:: Apr
Pages:: 65--85
Bookseries title:: Lecture Notes in Computer Science
Reviewed:: ja
Language:: en
Fulltext / DOI:: doi:10.1007/978-3-031-29497-6_4
WWW:: https://doi.org/10.1007/978-3-031-29497-6_4
BibTeX

Occurrences:

mediaTUM Gesamtbestand Hochschulbibliographie 2023 Schools und Fakultäten TUM School of Computation, Information and Technology Sicherheit in der Informationstechnik (Prof. Sigl)

mediaTUM Gesamtbestand Einrichtungen Schools TUM School of Computation, Information and Technology Departments Computer Engineering Sicherheit in der Informationstechnik (Prof. Sigl)2023