Abstract
In this paper, two efficient multiple-differential methods to detect collisions in the presence of strong noise are proposed: binary and ternary voting. After collisions have been detected, the cryptographic key can be recovered from these collisions using such recent cryptanalytic techniques as linear [1] and algebraic [2] collision attacks. We refer to this combination of the collision detection methods and cryptanalytic techniques as multiple-differential collision attacks (MDCA). When applied to AES, MDCA using binary voting without profiling requires about 2.7 to 13.2 times fewer traces than the Hamming-weight-based CPA for the same implementation. MDCA on AES using ternary voting with profiling and linear key recovery clearly outperforms CPA by requiring only about 6 online measurements for the range of noise amplitudes where CPA requires from 163 to 6912 measurements. These attacks do not need the S-box to be known. Moreover, neither key nor plaintexts have to be known to the attacker in the profiling stage.
Original language | English |
---|---|
Title of host publication | Proceedings of 10th International Workshop on Cryptographic Hardware and Embedded Systems – CHES 2008 |
Volume | 5154 |
Publication date | 2008 |
Pages | 30-44 |
Publication status | Published - 2008 |
Externally published | Yes |
Event | 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008), Washington, United States. Duration: 10 Aug 2008 → 13 Aug 2008. Conference number: 10 |
Workshop
Workshop | 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008) |
---|---|
Number | 10 |
Country/Territory | United States |
City | Washington |
Period | 10/08/2008 → 13/08/2008 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 5154 |
ISSN | 0302-9743 |