Algebraic Side-Channel Analysis in the Presence of Errors

• Published in: Cryptographic Hardware and Embedded Systems, CHES 2010 pp. 428 - 442
• Main Authors: Oren, Yossef, Kirschbaum, Mario, Popp, Thomas, Wool, Avishai
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: Algebraic attacks; power analysis; pseudo-Boolean optimization; side-channel attacks
• ISBN: 9783642150302; 3642150306
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-15031-9_29

Measurement errors make power analysis attacks difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable since they require many (typically thousands) of traces. Recently it was suggested by [18] to use algebraic methods for the single-trace scenario, converting the key recovery problem into a Boolean satisfiability (SAT) problem, then using a SAT solver. However, this approach is extremely sensitive to noise (allowing an error rate of well under 1% at most), and the question of its practicality remained open. In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. The PBOPT instance can then be solved using a suitable optimization problem solver. The PBOPT syntax provides for a more expressive input specification which allows a very natural representation of measurement errors. Most importantly, we show that using our approach we are able to mount successful and efficient single-trace attacks even in the presence of realistic error rates of 10%–20%. We call our new attack methodology Tolerant Algebraic Side-Channel Analysis (TASCA). We show practical attacks on two real ciphers: Keeloq and AES.