Improved Side-Channel Analysis of Finite-Field Multiplication

Abstract : A side-channel analysis of multiplication in GF(2^128) has recently been published by Belaïd, Fouque and Gérard at Asiacrypt 2014, with an application to AES-GCM. Using the least significant bit of the Hamming weight of the multiplication result, the authors have shown how to recover the secret multiplier efficiently. However such least significant bit is very sensitive to noise measurement; this implies that, without averaging, their attack can only work for high signal-to-noise ratios (SNR>128). In this paper we describe a new side-channel attack against the multiplication in GF(2^128) that uses the most significant bits of the Hamming weight. We show that much higher values of noise can be then tolerated. For instance with an SNR equal to 8, the key can be recovered using 220 consumption traces with time and memory complexities respectively equal to 251.68 and 236. We moreover show that the new method can be extended to attack the fresh re-keying countermeasure proposed by Medwed, Standaert, Großschädl and Regazzoni at Africacrypt 2010.
Type de document :
Communication dans un congrès
CHES 2015, Sep 2015, Saint-Malo, France. Cryptographic Hardware and Embedded Systems -- CHES 2015, 9293, 2015, series Lecture Notes in Computer Science. 〈10.1007/978-3-662-48324-4_20〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01216706
Contributeur : Sonia Belaid <>
Soumis le : vendredi 16 octobre 2015 - 17:23:54
Dernière modification le : mardi 3 juillet 2018 - 13:10:02

Identifiants

Citation

Sonia Belaïd, Jean-Sébastien Coron, Pierre-Alain Fouque, Benoît Gérard, Jean-Gabriel Kammerer, et al.. Improved Side-Channel Analysis of Finite-Field Multiplication. CHES 2015, Sep 2015, Saint-Malo, France. Cryptographic Hardware and Embedded Systems -- CHES 2015, 9293, 2015, series Lecture Notes in Computer Science. 〈10.1007/978-3-662-48324-4_20〉. 〈hal-01216706〉

Partager

Métriques

Consultations de la notice

483