Side Channel Attacks Database
|
|
|
|
|
|
On the complexity of side-channel attacks on AES-256 -- methodology and quantitative results on cache attacks |
 |
|
|
Michael Neve, Kris Tiri, |
|
|
IACR 2007 |
|
| Abstract: |
|
Larger key lengths translate into an exponential increase in the complexity of an exhaustive search. Side-channel attacks, however, use a divide-and-conquer approach and hence it is generally assumed that increasing the key length cannot be used as mitigation. Yet, the internal round structure of AES-256 and its key-scheduling seem to hinder a direct extension of the existing attacks on AES-128 and thus challenge the proposition above. Indeed two consecutives round keys are required to infer the secret key and the MixColumns operation, not present in the last round, apparently increases the key search complexity from to 2^8 to 2^32. Additionally, it is unclear what the impact of the different round structures is on the number of required measurements. In this paper, we explore this question and show how to attack AES-256 with a key search complexity of O(2^8). This work confirms with practical experiments that AES-256 only offers a marginal increase in resistance against the attacks –both in the required number of measurements and in the required processing time. As an example, we quantify this increase for the case of cache-based side-channel attacks: AES-256 only provides an increase in complexity of 6 to 7 compared to cache-based attacks on AES-128. |
|
| Paper Available At: |
|
http://eprint.iacr.org/2007/318 |
|
|
|
|
|
|
|
|
|
|
|
|
Cited By: |
|
|
|
|
|
|
|
|
|
Sort: |
|
This paper has been referenced 0 times, showing 1-10 |
Page 1 of 0
|
|
|
|
|
|
|
|
|
|
|
|
| Comments About Paper |
|
|
|
|
| Post a Comment |
|
|
 Enter the code shown:
|
| Name: |
|
| Email (optional) |
|
| Comment: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Direct any
comments, questions, omissions, criticizm here |
 |
|
|
|