Score:3

Correlation Power Analysis on AES - possible attack models


As far as I know it is possible to extract the key or key parts using a side-channel power analysis attack on AES, but we need some strong attacker model in order to do that. The first attack I know about is attacking the first AES round, comparing the first S-box output, where we need to know the plaintext of our traces to perform this attack. The second attack doesn't require knowledge of the plaintext but only the ciphertext, which is a weaker attacker model, as we can sniff ciphertext. This only attacks the last round of AES and recovers the last round key of AES, which, to my knowledge, can only lead to full key recovery for AES-128 and AES-192 but not AES-256. The attacker also has to do more computations due to the ShiftRows operation between SubBytes and the ciphertext.

Do you know any other CPA or even more powerful attacks on AES? I know DPA, but isn't it just a weaker version of CPA, and in general, if we can perform CPA, then why should we do DPA?

Is it possible to perform CPA without knowledge of either plaintexts or ciphertexts?

fgrieu:
Notice that if you have recovered the full last round subkey of AES-256 knowing the last round's output (ciphertext), you can now compute the previous round's output, thus perhaps you can attack that previous round by the same method and recover its round key; and so on up.
user100099:
@fgrieu What is the butlast round output? AFAIK recovering the AES-256 key from the last round key would take the complexity of 128 bits.
fgrieu:
Sorry, I'm not a native English speaker. By "butlast round" I meant the round before the last round (penultimate round). I have directly edited my comment. The method I outline, when feasible, yields the subkey of the penultimate round with work comparable to recovering the 128-bit subkey of the last round, and that yields more information about the key without requiring exhaustive search.
Score:1
Answer:

The question, and this answer, assumes Correlation Power Analysis can find the last round key of AES-256 under a known-ciphertext attack. That's finding the 128-bit key input of AddRoundKey in round 14 knowing its output.

Once that's done, from the known ciphertext and that 128-bit key, it's possible to compute the output of AddRoundKey in round 13 for each known ciphertext (we start from the known-ciphertext, and invert AddRoundKey, ShiftRows, SubBytes, just as in decryption).

Thus the same conditions that allowed CPA in round 14 now apply to round 13. And then, by performing this attack earlier on in the execution, it seems possible to find the 128-bit key input of AddRoundKey in round 13. Note: there's a significant difference though: in round 13 there is MixColumns between ShiftRows and AddRoundKey, when that's not in round 14.

When and if that second CPA is done, we have enough information to find the full 256-bit AES key.

user100099:
Knowing the last round key and ciphertext means I can inverse-calculate the last round and end up with the input into the last SubBytes operation. Before that there is the 13th round key addition phase, where the 14th subkey is XORed with the output of MixColumns of the round before. How do we figure out the 14th subkey value, if we only know the output of the MixColumns XOR key operation?
fgrieu:
@user100099: You are correct that there is a significant difference in round 14 and in round 13, and the answer now acknowledges that. Sorry, I won't go into the details of an actual CPA attack. Big picture of my point remains valid, I hope: once round 14 has been successfully attacked, we have the output of round 13 much like we have that for round 14 under known ciphertext attack, and we can hope to mount an (admittedly different) CPA attack on round 13.
kelalaka:
There is one important problem here; normally you don't expect someone to decrypt the ciphertext again and again. In a normal operation, you have one shot. To force the user/system to decrypt again one might need an additional fault attack or some other mechanism in the protocol...
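The key-schedule facts behind both the question (a recovered last round key is the whole key for AES-128 but not for AES-256) and the answer (undo AddRoundKey, ShiftRows and SubBytes of round 14 to expose the output of round 13, then a second recovered round key fixes the 256-bit key) can be checked with a short script. The following is an added example written for this page, not code from the question or any answer: it implements the FIPS-197 key schedule, its inverse from the final round keys, and the last-round inversion. The AES-128 key is the FIPS-197 Appendix A.1 test key; the AES-256 key and the round-13 state are constructed sample values. It also covers AES-192 (the last 24 bytes of round keys 11 and 12), which the question mentions but does not work through.

```python
"""Added example for this page (not code from the question or answers):
the FIPS-197 AES key schedule, its inverse, and the last-round inversion
that the answer describes. Sample keys and states below are constructed."""

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(x):
    """S-box: multiplicative inverse followed by the FIPS-197 affine map."""
    inv = next(y for y in range(1, 256) if _gf_mul(x, y) == 1) if x else 0
    s = inv
    for k in range(1, 5):  # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4) ^ 0x63
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s ^ 0x63

SBOX = bytes(_sbox_entry(x) for x in range(256))
INV_SBOX = bytes(SBOX.index(x) for x in range(256))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _schedule_core(prev, i, nk):
    """The g-function applied to w[i-1] before it is XORed into w[i]."""
    if i % nk == 0:
        rot = prev[1:] + prev[:1]
        return _xor(bytes(SBOX[b] for b in rot), bytes([RCON[i // nk - 1], 0, 0, 0]))
    if nk > 6 and i % nk == 4:  # extra SubWord in the AES-256 schedule
        return bytes(SBOX[b] for b in prev)
    return prev

def expand_key(key):
    """Forward key schedule; returns the list of 16-byte round keys."""
    nk = len(key) // 4                      # 4, 6 or 8 words
    n = 4 * (nk + 7)                        # total words: 44, 52 or 60
    w = [bytes(key[4 * j:4 * j + 4]) for j in range(nk)]
    for i in range(nk, n):
        w.append(_xor(w[i - nk], _schedule_core(w[i - 1], i, nk)))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(nk + 7)]

def recover_key(tail, key_len):
    """Invert the schedule from the LAST key_len bytes of expanded key.
    AES-128: round key 10 alone.  AES-192: last 24 bytes of rk11||rk12.
    AES-256: rk13||rk14, i.e. two recovered round keys are required."""
    if len(tail) < key_len:
        raise ValueError("not enough round-key material to determine the key")
    nk = key_len // 4
    n = 4 * (nk + 7)
    w = [None] * n
    tail = tail[-key_len:]
    for j in range(nk):
        w[n - nk + j] = bytes(tail[4 * j:4 * j + 4])
    for i in range(n - 1, nk - 1, -1):      # w[i-nk] = w[i] ^ g(w[i-1])
        w[i - nk] = _xor(w[i], _schedule_core(w[i - 1], i, nk))
    return b"".join(w[:nk])

def _shift_rows(s, inverse=False):
    """State byte index is 4*col + row; row r rotates by r positions."""
    out = bytearray(16)
    for c in range(4):
        for r in range(4):
            src = (c - r) % 4 if inverse else (c + r) % 4
            out[4 * c + r] = s[4 * src + r]
    return bytes(out)

def last_round(state, round_key):
    """Forward final round: SubBytes, ShiftRows, AddRoundKey (no MixColumns)."""
    return _xor(_shift_rows(bytes(SBOX[b] for b in state)), round_key)

def peel_last_round(ciphertext, round_key):
    """Undo the final round with a known round key, giving the output of the
    previous round's AddRoundKey; the ShiftRows step is the extra bookkeeping
    the question mentions for the ciphertext-side attack."""
    s = _shift_rows(_xor(ciphertext, round_key), inverse=True)
    return bytes(INV_SBOX[b] for b in s)

def demo():
    """Returns (aes128_ok, aes256_ok, peel_ok) for the sample data."""
    key128 = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 key
    rk128 = expand_key(key128)
    key256 = bytes(range(32))                     # constructed sample key
    rk256 = expand_key(key256)
    state = bytes(range(16))                      # constructed round-13 output
    ct = last_round(state, rk256[14])
    return (recover_key(rk128[10], 16) == key128,
            recover_key(rk256[13] + rk256[14], 32) == key256,
            peel_last_round(ct, rk256[14]) == state)
```

`recover_key` deliberately refuses a single 16-byte round key when asked for a 32-byte key: round key 14 alone leaves 128 bits of the AES-256 key undetermined, which is the 2^128 work the question refers to and the reason the answer needs a second CPA on round 13.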