Efficient side-channel attacks beyond divide-and-conquer strategy

Side channel attacks exploit physical information that leaks from a cryptographic device, for example power, to extract secret information, such as secret keys. While such attacks are effective for small keys with 8 or 16 bits, they are not viable in practice, however, where keys are much larger, such as 128 bits in AES 128 or more. In order to scale these attacks, some form of divide-and-conquer strategy is typically used, where the attacker divides the key into subkeys and attempts to recover the subkeys separately and then combines them to form the key. In this paper we address two problems that render divide-and-conquer based attacks largely ineffective in practice: First, the power leakage models are inaccurate because of the noise caused by computation involving the remaining portion of the key. We show how better leakage models can improve the accuracy of the resulting leakage models. Second, naïvely combining the recovered subkeys during the attack phase is ineffective, as errors in the subkey recoveries compound. We show how leakage models from other stages of the cryptographic computation can be leveraged to validate (we call this “reinforce”) the choice of recovered subkeys. Experiments using AES 128 leakage data show that (1) leakage models that use the entire key are far superior over subkey-based models, (2) that reinforcement of subkey selection through validation with leakage in a single additional round of the encryption process is both efficient and highly effective (performance improvements up to 240% in key recovery rate in some cases), and (3) the benefits of using more than one additional round are negligible. This work is paving the way towards the study of data-driven system identification techniques to be applied in side-channel attacks.