1. Introduction
With the continuous development of information technology and electronic integrated circuit technology, cryptographic chips are widely used in people's work and life. It brings convenience but increases the risk of information security. It is imperative to study new technical means and tools to deal with new security threats. In the past, cryptographic devices were mainly cracked by mathematical analysis. It analyzed from the mathematical level to find the design defects of cryptographic algorithms [1]. However, mathematical analysis is inefficient due to the continuous improvement of cryptographic algorithms. The physical operation and interaction of encryption devices provide attackers with new information in addition to plaintext and ciphertext. For example, the encryption device will generate time [2], power consumption [3-5], electromagnetic energy [6-7], fault output [8], and other information in the encryption process. This information contains the structural characteristics of the cryptographic algorithm and intermediate data information. Side-channel analysis (SCA) was born because of this. The SCA cracks the key by analyzing the physical information leaked by the device. It subverted people's cognition of cryptographic security and soon became a research hotspot in the field of cryptography [9-12].
Generally speaking, SCA is divided into two categories: profiling analysis and non-profiling analysis. Profiling analysis needs to collect power data when the device is encrypted and establishes a power consumption probability model for leaked information. Then performing feature matching according to the constructed model to find the correct key. Non-profiling analysis uses the correlation between intermediate data and leaked information. It cracks the key through statistical analysis. Profiling analysis includes template attacks (TA) [13]. Non-profiling analysis includes simple power analysis (SPA) [14], differential power analysis (DPA) [15], and correlation power analysis (CPA) [16]. Among them, the use of DPA and CPA is the most common.
The traditional DPA is affected by noise or insufficient data, which leads to the wrong candidate key appearing at the peak. The peak occupied by the wrong candidate key is called “ghost peak”. This phenomenon seriously affects the correct rate of the attack. The common way to solve the ghost peak problem is to add more power traces, but this method will increase the attack cost. A low-cost way to solve the ghost peak problem needs to be found. One kind of research is to preprocess the power traces, such as wavelet transform denoising technology [17], Fourier transform [18], low-pass filters [19]. However, these methods need detailed parameters of the power traces such as sampling rate, and its application conditions are strict. Another way is to improve the analysis ability of DPA by changing the structure of DPA. In [20], the authors applied the Euclidean similarity algorithm to DPA and used the Euclidean similarity algorithm to adjust the mean absolute difference (MAD) value. This method ensures that the correct key has a higher MAD value than the others. In [21], Mahanta, Hridoy Jyoti et al. improved Euclidean Differential Power Analysis. They used the Canberra distance algorithm instead of the Euclidean similarity algorithm to improve peak distribution. Subsequently, Chen, Juncheng, et al. [22] proposed Normalized Differential Power Analysis. They normalized the MAD value matrix to effectively reduce the MAD values of ghost peaks. Although these methods improved the peak distribution, they also added additional calculations. No one has ever considered it from the perspective of the key guessing space. Compressing key guessing space method can reduce calculations and the appearance of ghost peaks.
In this paper, we propose a compressed key guessing space scheme to reduce the appearance of ghost peaks. To distinguish it from the traditional DPA, we named the DPA based on this scheme CKGS-DPA. The contributions of this paper are as follows:
⦁ We study the effects of DPA attacks based on different power leakage points and explain why the traditional DPA cannot distinguish the correct key when the attack point is AddRoundKey.
⦁ We modify the selection function of the traditional DPA and propose a key-related screening function to obtain the nibble key information when the attack point is AddRoundKey.
⦁ We combine the leaked information of SubBytes and AddRoundKey to construct a compressed key guessing space strategy based on the proposed key-related screening function.
Furthermore, we use different datasets to test the performance of CKGS-DPA and DPA. The experimental results show the excellent performance of CKGS-DPA.
The rest of the study is organized as follows. Section 2 briefly introduces the background of SCA. In Section 3, we study the impact of different power leakage points on the attack result and explain CKGS-DPA in detail. The experimental verification of the CKGS-DPA will be discussed in Section 4. Finally, Section 5 concludes the whole study.
2. Background
2.1 Power leakage points in AES
The Advanced Encryption Standard [23] is a data encryption standard that NIST publicly solicited in 1997. This algorithm has been widely used in various fields due to its high security and excellent performance. It fixed the plaintext block length to 128 bits. The key block length can be 128 bits, 192 bits, and 256 bits and consists of 10, 12, and 14 rounds, respectively. The operation blocks of each round include key expansion, AddRoundKey, SubBytes, ShiftRows, and MixColumns.
In the data processing of the AES encryption algorithm, the state of the register will change. The load capacitance of the CMOS circuit is charged and discharged with power consumption. This time can be called the power leakage point [24]. The distribution of power leakage points in Round 1 of the AES-128 algorithm is shown in Fig. 1. The intermediate data corresponding to the power leakage point is related to the same key. Attackers can select one of the power leakage points as the attack point to carry out a side-channel analysis.
Fig. 1. The distribution of power leakage points in AES-128 algorithm
2.1.2 Differential power analysis
The traditional DPA is based on the assumption that the mean of the power used to compute a logic ‘0’ and a logic ‘1’ are different at any bit position. The attackers do not need to know the detailed information of the attacked device based on this attack mode. Even if the power traces of the device contains noise, this method can still recover the key in the device.
During the attack phase, the attackers analyze the encryption device based on a power leakage point. They repeatedly run the encryption device 𝑁𝑁 times and its corresponding set of plaintext M = {mi|i ∈ [0, N]} and power traces are collected. Then attackers guess all possible values of the n-bit key kj, which belongs to key guessing space kguess = {kj|kj = j, j ∈ [0, 2n − 1]}. The corresponding intermediate value vi,j is defined as follows:
vi,j = f(mi, kj) (1)
where f denotes encryption operation, and mi denotes the ith plaintext, kj denotes the jth guessed key.
Subsequently, attackers need to construct a selection function to classify the power traces. Usually, this function takes the highest bit of the intermediate value as the benchmark and divides the power traces into two types according to the value of 0 or 1.
S0[j] = {Ti,n | D(vi,j) = 0}, S1[j] = {Ti,n | D(vi,j) = 1} (2)
where 1 ≤ i ≤ N, 1 ≤ n ≤ l, l denote the total number of sampling points in the power trace, and Ti,n represents the nth sampling point in the ith power trace, D(x) denotes the selection function.
Finally, attackers take the averages of all data in set S0[j] and S1[j] according to the guessed key kj and compute the difference of the averages of different sets. Then taking the absolute value of the final result as the MAD value of the guessed key kj. All intermediate signal values in power traces are randomly distributed. Therefore, the MAD value of this part approaches 0. If there is a peak value in the differential curve, the attack was successful. Otherwise, the attack failed, and the MAD value calculation formula is shown in Eq. (3).
\(\begin{aligned}\Delta t[j]=\left|\frac{1}{\left|S_{0}[j]\right|} \sum_{T_{i, n} \in S_{0}[j]} T_{i, n}-\frac{1}{\left|S_{1}[j]\right|_{T_{i, n} \in S_{1}[j]}} \sum_{i, n} \; T_{i,n}\right|\\\end{aligned}\) (3)
3. Our method
3.1 Research on Using AddRoundKey as Attack Point
SubBytes is an attack point that is widely used in SCA, but few studies are on the analysis of AddRoundKey. This study aims to find some rules at this point to extract additional key information. In the experiment, we found some laws in the distribution of the MAD values. According to these laws, this paper proposes two theorems. Some symbols used in this section are as follows:
⦁ ||: bit string connection operation.
⦁ X = xn-1||xn-2||..x0 : n-bit variable X (from high to low).
⦁ \(\begin{aligned}\bar{x}\\\end{aligned}\): the negation of variable x.
⦁ xh : the highest bit of variable x.
⦁ x ⊕ y : XOR operation of variable x and variable y.
Theorem1. The MAD values of the guessed key kj and the guessed key \(\begin{aligned}\bar{k}_j\\\end{aligned}\) are equal when under the following conditions:
1) The attacker uses AddRoundKey as an attack point.
2) The selection function uses the highest bit of the intermediate value as the distinction basis.
Proof. Let K be any n-bit guessed key, K = kn−1||kn−2||. . .k0, then \(\begin{aligned}\bar{K}=\overline{k_{n-1}}\left\|\overline{k_{n-2}}\right\| \ldots \| \overline{k_{0}}\\\end{aligned}\). Let A denote any n-bit plaintext, A = an−1||an−2||. . .||a0.
X = A⊕K = an-1⊕kn-1||an-2||kn-2||...||a0⊕k0 (4)
\(\begin{aligned}Y=A \oplus \bar{K}=a_{n-1} \oplus \overline{k_{n-1}}\left\|a_{n-2} \oplus \overline{k_{n-2}}\right\| \ldots \| a_{0} \oplus \overline{k_{0}}\\\end{aligned}\) (5)
because
\(\begin{aligned}\overline{a_{i} \oplus k_{i}}=a_{i} \oplus \overline{k_{i}}, i \in[0, n-1]\\\end{aligned}\) (6)
so
\(\begin{aligned}X=\bar{Y}\end{aligned}\) (7)
The selection function D(x) based on the highest bit of the intermediate value is as follows:
\(\begin{aligned}D(x)=\begin{cases} \begin{array}{ll}0 & x<2^{n-1} \\ 1 & x \geq 2^{n-1}\end{array}\end{cases}\end{aligned}\) (8)
then
\(\begin{aligned}D(X)=\overline{D(Y)}\\\end{aligned}\) (9)
and the intermediate value vi,j will satisfy the following conditions:
\(\begin{aligned}D\left(v_{i, j}\right)=\overline{D\left(\overline{v_{i, j}}\right)}\\\end{aligned}\) (10)
Let Vk denote the set of intermediate values when the guessed key is k, and let \(\begin{aligned}V_{\bar{k}}\\\end{aligned}\) be the set of intermediate values when the guessed key is \(\begin{aligned}{\bar{k}}\end{aligned}\).
Vk = {vi,k | vi,k = mi⊕k, i∈[0, N], mi ∈ M} (11)
\(\begin{aligned}V_{\bar{k}}=\left\{v_{i, \bar{k}} \mid v_{i, \bar{k}}=m_{i} \oplus \bar{k}, i \in[0, N], m_{i} \in M\right\}\\\end{aligned}\) (12)
According to (6) and (10), we know \(\begin{aligned}D\left(v_{i, k}\right)=\overline{D\left(v_{i, \bar{k}}\right)}\\\end{aligned}\). From (2), we know the classification results from Vk and \(\begin{aligned}V_{\bar{k}}\\\end{aligned}\) will be the opposite. According to (3), the MAD value is an absolute value. If exchanging the data in S0 and S1, the MAD value does not change. Therefore, the MAD values of Vk and \(\begin{aligned}V_{\bar{k}}\\\end{aligned}\) are the same. We can draw conclusions that the guessed key kj and the guessed key \(\begin{aligned}V_{\bar{k}}\\\end{aligned}\) have the same MAD value.
Theorem2. The MAD values of guessing keys with the same highest bit are equal when the following conditions are met.
1) The attacker uses AddRoundKey as an attack point.
2) The selection function uses the highest bit of the intermediate value as the distinction basis.
Proof. Set any two n-bit variables b and d, if v = b ⊕ d then:
\(\begin{aligned}v_{h}= \begin{cases} \begin{array}{ll} b_{h} & d_{h}=0 \\ \bar b_{h} & d_{h}=1\end{array}\end{cases} \end{aligned}\) (13)
Let V denote the set of intermediate values obtained by the AddRoundKey operation.
V = {vi,j | vi,j = mi⊕kj, mi∈M, kj ∈ Kguess} (14)
Then kjh satisfy the following conditions:
\(\begin{aligned}k_{j_{h}}= \begin{cases} \begin{array}{ll}0 & k_{j}<2^{n-1} \\ 1 & k_{j} \geq 2^{n-1}\end{array}\end{cases} \end{aligned}\) (15)
According to (13) and (15), we know
D(vi,0) = D(vi,1)... = D(vi,2n-1-1) (16)
According to (2) and (16), we know the classification results from vi,0 to vi,2n−1−1 will be the same. According to (3), the MAD values from the k0 to the k2n−1−1 will be the same. Similarly, from k2n−1 to k2n−1 also have the same MAD value, and theorem 2 is proved.
From theorem 1 and theorem 2, we can figure out why few people choose AddRoundKey as an attack point to analyze the key. Taking the nibble attack as an example, it can be seen from the upper subgraph of Fig. 2 that all guessed key have the same MAD value, and the correct key can not be distinguished. Therefore, we make a simple adjustment to the selection function D′(x), and the new selection function D′(x) is as follows:
\(\begin{aligned}D^{\prime}(x)= \begin{cases} \begin{array}{ll}0 & x \leq 2^{n-1} \\ 1 & x>2^{n-1}\end{array} \end{cases} \end{aligned}\) (17)
Fig. 2. The influence of different selection functions on the difference curve (nibble attack)
After adjusting the selection function D(x), the result of the attack is shown in the bottom subgraph of Fig. 2. We can see that the MAD values of guessed key kj and guessed key \(\begin{aligned}{\bar{k}}_j\\\end{aligned}\) are very close. For example, the MAD values of 0 and 15 are very close. Due to the selection function having changed, theorem 2 no longer holds, and theorem 1 does not hold when the intermediate value is 7 or 8. Therefore, we can use this phenomenon to obtain additional information.
3.2 The design of key-related value screening algorithm
For a point in the difference curve, its abscissa corresponds to the guessed key, and its ordinate corresponds to the MAD values. Let Point denote the set of points in the difference curve Point = {Pi, i = 1,2. . .15}. Let Pix denote the abscissa of Pi, and Piy denote the ordinate of Pi. As described in section 3.1, the MAD values between the guessed key kj and the guessed key \(\begin{aligned}{\bar{k}}_j\\\end{aligned}\) are very close when the attack point is AddRoundKey. We can construct screening algorithm based on this phenomenon. As we all know, the sum of kj and \(\begin{aligned}{\bar{k}}_j\\\end{aligned}\) is 15 when the guessed key kj is greater than or equal to 0 and less than or equal to 15. Furthermore, the guessed key with a larger MAD value is more likely to be the correct key. Therefore, we first sort all the points Pi according to the ordinate value and select the first four points. Then we take out the abscissas of four points and add each two abscissas values to find the number of groups that add up to 15. Finally, we select two points according to rules a), b), c). Then, the abscissas of these two points are the key-related values. The key-related value screening algorithm is shown in Algorithm 1.
a) If the number of groups with the abscissa values adding up to 15 is 1, we select this data group.
b) If the number of groups with the abscissa values adding up to 15 is 2, we select the group of data with a larger ordinate value.
c) If there is no group whose abscissa values add up to 15, we select the first two points arranged by ordinate value.
Algorithm 1 key-related value screening algorithm
Input: The set of points in the difference curve Point
Output: Two key-related values chooes1, chooes2
1: p1, p2, p3, p4 = SortByAbscissa(Point)
2: group1, gourp2, num = FindGroup(p1x, p2x, p3x, p4x)
3: if(num == 2) then
4: if(group1y >= group2y) then
5: chooes1, chooes2 = group1[0], group1[1]
6: else
7: chooes1, chooes2 = group2[0], group2[1]
8: end if
9: else if (num == 1) then
10: chooes1, chooes2 = group1[0], group1[1]
11: else
12: chooes1, chooes2 = p1x, p2x
13: end if
14: return chooes1, chooes2
3.3 The design of differential power analysis with compressed key guessing space
In traditional DPA, the attacker focuses on one power leakage point attack. Usually, this power leakage point is SubBytes in the first round of the algorithm. However, the actually measured power traces includes the power consumption of the entire encryption process. The single-point attack method wastes a lot of power consumption information. According to the research in Section 3.1 and Section 3.2, we can extract additional key information from the AddRoundKey point. Therefore, we use two power leakage points for analysis in CKGS-DPA and analyze the AES algorithm. These two points are point 1 and point 2 in Fig. 1.
According to the characteristics of different power leakage points, we give different tasks. We do not expect to get the correct key accurately when the attack point is AddRoundKey. At this point, we obtain some information about the key from it and construct key candidate intervals. Therefore, the CKGS-DPA does not need to enumerate the 256 possible values of the key at the SubBytes point but lists all the elements of the two key candidate intervals. The flowchart of the entire attack is shown in Fig. 3.
Fig. 3. flowchart of CKGS-DPA
The first step of CKGS-DPA is to get the first 4bits information of the key at the AddRoundKey point. The point of AddRoundKey is less distinguishable for the correct key compared with SubBytes. Therefore, we choose to analyze the high 4-bit of the key when the attack point is AddRoundKey. Then the size of key guessing space of the AddRoundKey attack becomes 16. In this way, the amount of calculation is reduced, and it prevents wrong guessed keys with large MAD values from being generated in large-scale guessing. With the selection function and key screening function constructed in section 3.1 and section 3.2, we can get two key-related values. The attack process of this step is shown in Algorithm 2.
Algorithm 2 AddRoundKey attack algorithm
Input: Four bit plaintext set M4bit, power trace set Wave1
Output: Two key-related values chooes1, chooes2
1: for k = 0 to 15 do
2: for m = 0 to size(M4bit) do
3: Vm,k = AddRoundKey(M4bit, k)
4: end for
5: if D'(Vm,k == 0) then
6: Set0 = {Power traces related to the mth plaintext}
7: else
8: Set1 = {Power traces related to the mth plaintext}
9: else if
10: end for
11: △\(\begin{aligned}{\bar{t}}\\\end{aligned}\) = MAD(Set0, Set1)
12: chooes1, chooes2 = Chooes(△\(\begin{aligned}{\bar{t}}\\\end{aligned}\))
13: return chooes1, chooes2
Then we reduce the key guessing space based on the information obtained. According to the two values obtained by the key-related value screening algorithm, we can construct two key candidate intervals. Let g1 be the first value and let g2 be the second value. We use nibbles to guess full bytes way to construct the key candidate interval, and interval C1, C2 are as follow:
C1 = {x | 16g1≤ x ≤ 16g1+15} (18)
C2 = {x | 16g2 ≤ x ≤ 16g2+15} (19)
Subsequently, we perform a single-byte attack at the SubBytes point based on these two intervals. Then the key guessing space is changed from 256 to 32. The key guessing space is shown in Eq. (20).
Kguess = {kj | kj ∈ (C1∪ C2), j ∈ [0,32]} (20)
Finally, we calculate the MAD values corresponding to the thirty-two guessed keys. The correct key is the guessed key corresponding to the maximum MAD in the two intervals. The CKGS-DPA uses the original selection function D(x) when the attack point is SubBytes, and the SubBytes attack algorithm is shown in Algorithm 3.
Furthermore, CKGS-DPA follows the divide and conquer strategy in traditional DPA. This method is to attack the single-byte keys one by one. Then splicing the single-byte keys obtained from each attack together to obtain the complete key. The difference from traditional DPA is that CKGS-DPA constructs two candidate key intervals before a single-byte attack. Therefore, CKGS-DPA can be applied to other algorithms with different key lengths.
Algorithm 3 SubBytes attack algorithm
Input: Plaintext set M, power trace set Wave2 and two key-related values chooes1, chooes2
Output: One-byte key RK
1: for k1 = choose1 * 16 to choose1 * 16 + 15 do
2: for m = 0 to size(M) do
3: Vm,k1 = SubBytes(M, k1)
4: end for
5: if D(Vm,k1 == 0) then
6: Set0 = {Power traces related to the mth plaintext}
7: else
8: Set1 = {Power traces related to the mth plaintext}
9: end if
10: end for
11: for k2 = choose2 * 16 to choose2 * 16 + 15 do
12: for m = 0 to size(M) do
13: Vm,k2 = SubBytes(M, k2)
14: end for
15: if D(Vm,k2 == 0) then
16: Set0 = {Power traces related to the mth plaintext}
17: else
18: Set1 = {Power traces related to the mth plaintext}
19: end if
20: end for
21: △\(\begin{aligned}{\bar{t}}\\\end{aligned}\)= MAD(Set0, Set1)
22: RK = Max(△\(\begin{aligned}{\bar{t}}\\\end{aligned}\))
23: return RK
4. Experiment and Analysis
In this section, we test the performance of CKGS-DPA. We use two different datasets for experiments to better evaluate the method. We compare DPA and CKGS-DPA with indicators such as accuracy, running time, and the number of minimum power traces required for a successful attack, and so on.
4.1 Simulation experiments
In the Simulation experiment, the power traces corresponding to different power leakage points are generated by the Hamming weight model [25]. To better observe how CKGS-DPA avoids ghost peaks, we used the same set of plaintext data to execute traditional DPA and CKGS-DPA. From Fig. 4, it can be seen that traditional DPA can not distinguish the correct key, and ghost peaks appear. We can see that the key guessing space has been reduced in CKGS-DPA. Therefore, there are MAD values in the two 16-size intervals, and the MAD values in other areas are all 0. In this way, the correct key is the abscissa value corresponding to the point with the largest MAD value in the two intervals. Some guessed key values with larger MAD values do not participate in the final calculation, which makes them have no chance to affect the final result of the attack. Therefore, the attack efficiency of CKGS-DPA is improved.
Fig. 4. DPA and CKGS-DPA attack results
Subsequently, we set the number of power traces from 0 to 4500 and perform 100 times attacks to calculate the average correct rate. It can be seen from Fig. 5 that the CKGS-DPA achieves 79.83% accuracy when the number of power traces is 2000, while the correct rate of traditional DPA reaches 58.07% accuracy. The CKGS-DPA reaches 91% accuracy when the number of power traces is 3000, while traditional DPA requires 4000 power traces to achieve an accuracy of more than 90%. Under the premise of achieving 90% accuracy, CKGS-DPA reduces the power traces demand by 25% compared with the traditional DPA.
Fig. 5. The average correct rate of DPA and CKGS-DPA
4.2 Experiments on ASCAD Dataset
In the second experiment, we acquire 2000 power traces from the ASCAD dataset [26]. The ASCAD dataset is a publicly available dataset for evaluating SCA methods. It contains the power traces of the masked AES algorithm implemented in the ATMEGA 8515. However, the byte 0 and byte 1 in the ASCAD dataset have first-order leakage due to their mask value being 0. Therefore, we use DPA and CKGS-DPA to attack the first-byte key and the second-byte key. The attack results of byte 0 and byte 1 are shown in Fig. 6 and Fig. 7. We can clearly observe that CKGS-DPA reduces some guessed keys with larger MAD values compared with DPA. For byte 0, DPA needs 605 power traces to crack the key due to the interference of the ghost peaks. While CKGS-DPA only needs 352 power traces due to reducing the key guessing space. Compared with DPA, the CKGS-DPA reduces power traces demand by 41%. For byte 1, DPA needs 371 power traces to crack the key, and the CKGS-DPA requires 197 power traces, which reduces the number of power traces by 46% compared with DPA.
Fig. 6. The relationship between the MAD values of all guessed keys and the number of power traces (byte 0)
Fig. 7. The relationship between the MAD values of all guessed keys and the number of power traces (byte 1)
Subsequently, we compared the calculation cost of DPA and CKGS-DPA. Let Np be the total number of plaintext. The time complexity and the number of key guesses for DPA and CKGS-DPA are shown in Table 1.
Table 1. Algorithm performance comparison
We can see that the algorithm complexity of DPA and CKGS-DPA are both O(n). The computational cost of CKGS-DPA and DPA are the same when the number of runs tends to infinity. In actual attacks, the computational cost of CKGS-DPA is less than that of DPA because the main amount of calculation is concentrated in the step of calculating the MAD value. The number of calculations depends on the number of guessed keys. Taking the attack of the first byte key as an example, a traditional DPA attack requires 256Np key guesses. In CKGS-DPA, the number of key guesses is 16Np guesses in AddRoundKey and 32Np guesses in SubBytes, for a total of 48Np guesses. Although some additional calculation steps have been added to CKGS-DPA, the overall amount of calculation is reduced. The running time comparison between CKGS-DPA and DPA is shown in Fig. 8. From Fig. 8, we can see that the running time of CKGS-DPA is much less than the running time of DPA, and the more power traces used in the attack, the more obvious the advantage of the CKGS-DPA. In the simulation experiment and the experiment on the ASCAD dataset, we can see that CKGS-DPA is better than DPA in terms of attack efficiency and accuracy.
Fig. 8. The relationship between running time and the number of power traces
5. Conclusion
This paper discusses the ghost peak problem in traditional DPA. We propose a compressed key guessing space (CKGS) scheme to solve the ghost peak problem. The CKGS scheme uses the leaked information of the two power leakage points to perform a combined attack. We perform a nibble attack at the AddRoundKey point to determine the key candidate interval and perform a single-byte attack at the SubBytes point. The appearance of ghost peaks can be reduced by avoiding some guessed keys with larger MAD values. At the same time, we found that traditional DPA cannot distinguish the correct key when the attack point is AddRoundKey and give mathematical proof for this phenomenon. Then we modify the selection function and propose a key-related value screening algorithm to get key information. The key candidate interval is constructed according to this information. Finally, we perform a SubBytes attack based on the key candidate interval. In the experimental verification, we used two different datasets to evaluate CKGS-DPA. The experimental results show that CKGS-DPA can effectively reduce the appearance of ghost peaks and improve the efficiency of attacks.
Acknowledgement
This research is supported by the Postgraduate Scientific Research Innovation Project of Hunan Province (No.CX20211232), the Scientific Research Fund of Hunan Provincial Education Department (No.19A072, 21C0540), the Science and Technology Innovation Program of Hunan Province(2016TP1020), Application-oriented Special Disciplines, Double First-Class University Project of Hunan Province (Xiangjiaotong [2018] 469).
References
- Yuechuan Wei, Peng Xu, and Yisheng Rong, "Related-key impossible differential cryptanalysis on lightweight cipher TWINE," Journal of Ambient Intelligence and Humanized Computing, vol. 10, no. 2, pp. 509-517, January, 2019. https://doi.org/10.1007/s12652-017-0675-1
- Amir Moradi, Oliver Mischke, and Christof Paar, "One attack to rule them all: Collision timing attack versus 42 AES ASIC cores," IEEE transactions on computers, vol. 62, no. 9, pp. 1786-1798, September, 2013. https://doi.org/10.1109/TC.2012.154
- Yaoling Ding, Ying Shi, An Wang, Yongjuan Wang, and Guoshuang Zhang, "Block-oriented correlation power analysis with bitwise linear leakage: An artificial intelligence approach based on genetic algorithms," Future generation computer systems, vol. 106, pp. 34-42, May, 2020. https://doi.org/10.1016/j.future.2019.12.046
- Shan Jin and Riccardo Bettati, "Efficient side-channel attacks beyond divide-and-conquer strategy," Computer Networks, vol. 198, pp. 108409, October, 2021. https://doi.org/10.1016/j.comnet.2021.108409
- Yu Ou and Lang Li, "Side-channel analysis attacks based on deep learning network," Frontiers of Computer Science, vol. 16, no. 2, pp. 1-11, September, 2022.
- Byeong-Soo Go, Dinh-Vuong Le, Myung-Geun Song, Minwon Park, and In-Keun Yu, "Design and electromagnetic analysis of an induction-type coilgun system with a pulse power module," IEEE Transactionson plasma science, vol. 47, no. 1, pp. 971-976, Jan. 2019. https://doi.org/10.1109/TPS.2018.2874955
- Eloi de Cherisey, Sylvain Guilley, Olivier Rioul, and Pablo Piantanida, "Best information is most successful," IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2019, no. 2, pp. 49-79, February, 2019.
- Carlton Shepherd, Konstantinos Markantonakis, Nico van Heijningen, Driss Aboulkassimi, Clement Gaine, Thibaut Heckmann, and David Naccache, "Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis," Computers & Security, vol. 111, pp. 102471, December, 2021. https://doi.org/10.1016/j.cose.2021.102471
- Jaegeun Moon, Im Y Jung, and Jong Hyuk Park, "IOT application protection against power analysis attack," Computers & Electrical Engineering, vol. 67, pp. 566-578, April, 2018. https://doi.org/10.1016/j.compeleceng.2018.02.030
- Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, and Stefan Mangard, "Systematic classification of side-channel attacks: A case study for mobile devices," IEEE Communications Surveys & Tutorials, vol. 20, no. 1, pp. 465-488, Firstquarter 2018. https://doi.org/10.1109/COMST.2017.2779824
- MingJian Tang, Mamoun Alazab, and Yuxiu Luo, "Big data for cybersecurity: Vulnerability disclosure trends and dependencies," IEEE Transactions on Big Data, vol. 5, no. 3, pp. 317-329, Sept. 1 2019. https://doi.org/10.1109/tbdata.2017.2723570
- Yu Ou and Lang Li, "Research on a high-order AES mask anti-power attack," IET Information Security, vol. 14, no. 5, pp. 580-586, September, 2020. https://doi.org/10.1049/iet-ifs.2019.0602
- Stjepan Picek, Annelie Heuser, and Sylvain Guilley, "Template attack versus Bayes classifier," Journal of Cryptographic Engineering, vol. 7, no. 4, pp. 343-351, September, 2017. https://doi.org/10.1007/s13389-017-0172-7
- Tae-Youn Kim and Jae-Hyun Lee, "A simple power source modeling and experimental investigation of a spacecraft for EMC applications," Journal of Electromagnetic Engineering and Science, vol. 21, no. 1, pp. 78-85, January, 2021. https://doi.org/10.26866/jees.2021.21.1.78
- Paul Kocher, Joshua Jaffe, Benjamin Jun, and Pankaj Rohatgi, "Introduction to differential power analysis," Journal of Cryptographic Engineering, vol. 1, no. 1, pp. 5-27, March, 2011. https://doi.org/10.1007/s13389-011-0006-y
- Ye Yuan, Kai-ge Qu, Li-ji Wu, Jia-wei Ma, and Xiang-min Zhang, "Correlation power attack on a message authentication code based on SM3," Frontiers of Information Technology & Electronic Engineering, vol. 20, no. 7, pp. 930-945, August, 2019. https://doi.org/10.1631/FITEE.1800312
- Abyad Enan and Mohammed Imamul Hassan Bhuiyan, "Investigation of side channel leakage of FeRAM using discrete wavelet transform," in Proc. of 2019 IEEE International Conference on Telecommunications and Photonics (ICTP), Dhaka, Bangladesh, pp. 1-4, April, 2019.
- Hanwen Feng, Jing Zhou, Weiguo Lin, Yujuan Zhang, and Zhiguo Qu, "Multiple-input, multilayer-perception-based classification of traces from side-channel attacks," Computer, vol. 53, no. 8, pp. 40-48, July, 2020. https://doi.org/10.1109/mc.2020.2996647
- Dong-Hyun Seo, Mayukh Nath, Debayan Das, Baibhab Chatterjee, Santosh Ghosh, and Shreyas Sen, "PG-CAS: Patterned-Ground Co-Planar Capacitive Asymmetry Sensing for mm-Range EM Side-Channel Attack Probe Detection," in Proc. of 2021 IEEE International Symposium on Circuits and Systems (ISCAS), Daegu, Korea, pp. 1-5, April, 2021.
- Jing Pan, Jasper GJ Van Woudenberg, Jerry I Den Hartog, and Marc F Witteman, "Improving DPA by peak distribution analysis," in Proc. of International Workshop on Selected Areas in Cryptography, Waterloo, Ontario, pp. 241-261, 2010.
- Hridoy Jyoti Mahanta and Ajoy Kumar Khan, "Improving power analysis peak distribution using canberra distance to address ghost peak problem," International Journal of Information Security and Privacy (IJISP), vol. 12, no. 3, pp. 27-41, July, 2018. https://doi.org/10.4018/ijisp.2018070103
- Juncheng Chen, Jun-Sheng Ng, Kwen-Siong Chong, Zhiping Lin, and Bah-Hwee Gwee, "A novel normalized variance-based differential power analysis against masking countermeasures," IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3767-3779, June, 2021. https://doi.org/10.1109/TIFS.2021.3093783
- Samuel Jaques, Michael Naehrig, Martin Roetteler, and Fernando Virdia, "Implementing Grover oracles for quantum key search on AES and lowMC," in Proc. of Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, pp. 280-310, May, 2020.
- Yiwen Gao and Yongbin Zhou, "Side-channel attacks with multi-thread mixed leakage," IEEE Transactions on Information Forensics and Security, vol. 16, pp. 770-785, September, 2020. https://doi.org/10.1109/tifs.2020.3023278
- Tang Ming, Wang Pengbo, Ma Xiaoqi, Chang Wenjie, Zhang Huan guo, Peng Guojun, and Jean-Luc Danger, "An efficient SCA leakage model construction method under predictable evaluation," IEEE Transactions on Information Forensics and Security, vol. 13, no. 12, pp. 3008-3018, Dec. 2018. https://doi.org/10.1109/TIFS.2018.2837644
- Ryad Benadjila, Emmanuel Prouff, Remi Strullu, Eleonora Cagli, and Cecile Dumas, "Deep learning for side-channel analysis and introduction to ASCAD database," Journal of Cryptographic Engineering, vol. 10, no. 2, pp. 163-188, November, 2020. https://doi.org/10.1007/s13389-019-00220-8