ASCA vs. SASCA - A Closer Look at the AES Key Schedule

Strieder, Emanuele and Ilg, Manuel and Heyszl, Johann and Unterstein, Florian and Streit, Silvan

doi:10.1007/978-3-031-29497-6_4

Benutzer: Gast

Sicherheit in der Informationstechnik (Prof. Sigl)

Zurück
Zurück zum Anfang der Trefferliste
Dauerhafter Link zum angezeigten Objekt

Dokumenttyp:: Konferenzbeitrag
Autor(en):: Strieder, Emanuele and Ilg, Manuel and Heyszl, Johann and Unterstein, Florian and Streit, Silvan
Titel:: ASCA vs. SASCA - A Closer Look at the AES Key Schedule
Abstract:: We compare two key recovery methods for single trace attacks on the AES key schedule. The 2018 CHES capture-the-flag (CTF) challenge which includes an unprotected key schedule raises the question, which method performs best during key recovery: Soft Analytical Side-Channel Attacks (SASCAs) or Algebraic Side-Channel Attacks (ASCAs). SASCAs as well as ASCAs exploit knowledge about the attacked algorithm by leakage recombination and allow for a computationally efficient key recovery based on e.g. Hamming Weight (HW) leakage. We use Belief Propagation (BP), which is the most popular choice for SASCA and a SAT solver as an ASCA algorithm. In this work we attack real traces of the CTF challenge to demonstrate the limitations of SASCAs while handling the XOR operation. We exemplify that SASCAs may not always be the most favorable solution. The comparison is solidified by evaluating the success rate of SASCAs and ASCAs with simulated HW leakage on varying noise levels. During attacks on the AES key schedule the convergence of BP is not only graph dependent but data dependent. Further, we discuss possible graph clusters and adaptations of the input distributions to mitigate the influence of the XOR operations and increase the success rate of BP. All experiments are compared against equivalent SAT solver approaches. Based on our results we propose a combination of brute-force and BP to level the performance of the SAT solver and BP. Apart from this, we address unsolved questions regarding the benefit of an early break of BP and point out implementation details which lead to a better success rate. «
We compare two key recovery methods for single trace attacks on the AES key schedule. The 2018 CHES capture-the-flag (CTF) challenge which includes an unprotected key schedule raises the question, which method performs best during key recovery: Soft Analytical Side-Channel Attacks (SASCAs) or Algebraic Side-Channel Attacks (ASCAs). SASCAs as well as ASCAs exploit knowledge about the attacked algorithm by leakage recombination and allow for a computationally efficient key recovery based on... »
Stichworte:: SASCA · ASCA · Belief Propagation · SAT · AES · Key Schedule · Key Expansion
Dewey-Dezimalklassifikation:: 620 Ingenieurwissenschaften
Herausgeber:: Kavun, Elif Bilge and Pehl, Michael
Kongress- / Buchtitel:: Constructive Side-Channel Analysis and Secure Design - 14th International Workshop, COSADE 2023, Munich, Germany, April 3-4, 2023, Proceedings
Kongress / Zusatzinformationen:: München
Band / Teilband / Volume:: 13979
Verlag / Institution:: Springer
Jahr:: 2023
Quartal:: 2. Quartal
Jahr / Monat:: 2023-04
Monat:: Apr
Seiten:: 65--85
Serientitel:: Lecture Notes in Computer Science
Reviewed:: ja
Sprache:: en
Volltext / DOI:: doi:10.1007/978-3-031-29497-6_4
WWW:: https://doi.org/10.1007/978-3-031-29497-6_4
BibTeX

Vorkommen:

mediaTUM Gesamtbestand Hochschulbibliographie 2023 Schools und Fakultäten TUM School of Computation, Information and Technology Sicherheit in der Informationstechnik (Prof. Sigl)

mediaTUM Gesamtbestand Einrichtungen Schools TUM School of Computation, Information and Technology Departments Computer Engineering Sicherheit in der Informationstechnik (Prof. Sigl)2023