Skip to Main content Skip to Navigation
Conference papers

Side-Channel Analysis of Multiplications in GF$(2^{128})$: Application to AES-GCM

Sonia Belaïd 1, 2 Benoît Gérard 3 Pierre-Alain Fouque 4, 5
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique - ENS Paris, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
4 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
Abstract : In this paper, we study the side-channel security of the field multiplication in GF(2^n). We particularly focus on GF(2^128) multiplication which is the one used in the authentication part of AES−GCM but the proposed attack also applies to other binary extensions. In a hardware implementation using a 128-bit multiplier, the full 128-bit secret is manipulated at once. In this context, classical DPA attacks based on the divide and conquer strategy cannot be applied. In this work, the algebraic structure of the multiplication is leveraged to recover bits of information about the secret multiplicand without having to perform any key-guess. To do so, the leakage corresponding to the writing of the multiplication output into a register is considered. It is assumed to follow a Hamming weight/distance leakage model. Under these particular, yet easily met, assumption we exhibit a nice connection between the key recovery problem and some classical coding and Learning Parities with Noise problems with certain instance parameters. In our case, the noise is very high, but the length of the secret is rather short. In this work we investigate different solving techniques corresponding to different attacker models and eventually refine the attack when considering particular implementations of the multiplication.
Document type :
Conference papers
Complete list of metadata
Contributor : Sonia Belaid Connect in order to contact the contributor
Submitted on : Thursday, December 11, 2014 - 11:40:19 AM
Last modification on : Friday, January 21, 2022 - 3:19:37 AM



Sonia Belaïd, Benoît Gérard, Pierre-Alain Fouque. Side-Channel Analysis of Multiplications in GF$(2^{128})$: Application to AES-GCM. Asiacrypt 2014, Dec 2014, Kaohsiung, Taiwan. ⟨10.1007/978-3-662-45608-8_17⟩. ⟨hal-01093865⟩



Les métriques sont temporairement indisponibles