
ASCA vs. SASCA

A Closer Look at the AES Key Schedule

  • Conference paper
  • Constructive Side-Channel Analysis and Secure Design (COSADE 2023)

Abstract

We compare two key recovery methods for single-trace attacks on the AES key schedule. The 2018 CHES capture-the-flag (CTF) challenge, which includes an unprotected key schedule, raises the question of which method performs best during key recovery: Soft Analytical Side-Channel Attacks (SASCAs) or Algebraic Side-Channel Attacks (ASCAs). Both SASCAs and ASCAs exploit knowledge about the attacked algorithm by recombining leakage and allow for a computationally efficient key recovery based on, e.g., Hamming Weight (HW) leakage. We use Belief Propagation (BP), the most popular choice for SASCA, and a SAT solver as the ASCA algorithm. In this work we attack real traces of the CTF challenge to demonstrate the limitations of SASCAs when handling the XOR operation, and show that SASCAs are not always the most favorable solution. The comparison is solidified by evaluating the success rates of SASCAs and ASCAs on simulated HW leakage at varying noise levels. During attacks on the AES key schedule, the convergence of BP is not only graph dependent but also data dependent. Further, we discuss possible graph clusters and adaptations of the input distributions that mitigate the influence of the XOR operations and increase the success rate of BP. All experiments are compared against equivalent SAT solver approaches. Based on our results, we propose a combination of brute force and BP to level the performance of the SAT solver and BP. Apart from this, we address unsolved questions regarding the benefit of an early break of BP and point out implementation details that lead to a better success rate.
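To make the abstract's point about the XOR operation concrete, here is an added example (not code from the paper) that quantifies how much a Hamming-weight-leaking XOR in the AES-128 key schedule reveals: it builds HW leakage distributions for two input bytes and the output byte, passes the inputs through a BP XOR factor node, and reports the remaining entropy of the output byte. The function names, the Gaussian noise model and the constructed HW observations are assumptions.

```python
import math

def hw(x):
    """Hamming weight of a byte value."""
    return bin(x & 0xFF).count("1")

def hw_likelihood(observed, sigma):
    """Distribution over the 256 byte values given a noisy HW observation.
    Assumed model: Gaussian noise with standard deviation sigma; sigma == 0
    means the HW is known exactly (a hard constraint on the byte)."""
    if sigma == 0:
        w = [1.0 if hw(v) == observed else 0.0 for v in range(256)]
    else:
        w = [math.exp(-((hw(v) - observed) ** 2) / (2 * sigma ** 2)) for v in range(256)]
    s = sum(w)
    return [x / s for x in w]

def xor_factor_message(p_a, p_b):
    """BP message from the factor node c = a ^ b to variable c:
    m[c] = sum_a p_a[a] * p_b[a ^ c], i.e. a convolution over GF(2)^8.
    Because HW leakage is symmetric, many (a, b) pairs map to the same c."""
    return [sum(p_a[a] * p_b[a ^ c] for a in range(256)) for c in range(256)]

def combine(*dists):
    """Product of independent messages arriving at one variable, renormalised."""
    out = [1.0] * 256
    for d in dists:
        out = [o * x for o, x in zip(out, d)]
    s = sum(out)
    return [x / s for x in out]

def entropy_bits(p):
    """Shannon entropy in bits; 8 bits means the byte is unknown."""
    return -sum(x * math.log2(x) for x in p if x > 0)

def key_schedule_xor_posterior(hw_a, hw_b, hw_c, sigma):
    """Posterior on one byte c = a ^ b of a new round-key word (AES-128:
    w[i] = w[i-4] ^ w[i-1] for i not a multiple of 4) from HW leakage on all
    three bytes. Constructed observations hw_a, hw_b, hw_c stand in for
    values a template would extract from a trace."""
    p_a = hw_likelihood(hw_a, sigma)
    p_b = hw_likelihood(hw_b, sigma)
    p_c = hw_likelihood(hw_c, sigma)
    return combine(p_c, xor_factor_message(p_a, p_b))

if __name__ == "__main__":
    for sigma in (0.0, 0.5, 1.0):
        post = key_schedule_xor_posterior(1, 1, 2, sigma)
        print(f"sigma={sigma}: {entropy_bits(post):.2f} bits of 8 remain in c")
```

Even with exact HW knowledge of all three bytes, 28 candidates for c remain equally likely, which is why a single XOR factor contributes little and BP on the key schedule converges slowly or not at all without further structure or noise-dependent adaptations.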

J. Heyszl and F. Unterstein: work was done while the authors were at Fraunhofer AISEC.



Acknowledgements

This work was supported by the German Ministry of Education, Research and Technology in the context of the project Aquorypt (reference number 16KIS1018).

Author information

Corresponding author: Emanuele Strieder.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Strieder, E., Ilg, M., Heyszl, J., Unterstein, F., Streit, S. (2023). ASCA vs. SASCA. In: Kavun, E.B., Pehl, M. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2023. Lecture Notes in Computer Science, vol 13979. Springer, Cham. https://doi.org/10.1007/978-3-031-29497-6_4


  • DOI: https://doi.org/10.1007/978-3-031-29497-6_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-29496-9

  • Online ISBN: 978-3-031-29497-6

  • eBook Packages: Computer Science, Computer Science (R0)
