On Side Channel Cryptanalysis and Sequential Decoding
Andreas Ibing

TL;DR
This paper introduces a novel side channel cryptanalysis method using sequential decoding and Bayesian inference, significantly improving key estimation accuracy and reducing required traces compared to traditional differential analysis.
Contribution
It proposes a new iterative decoding approach that exploits key redundancy and probabilistic metrics, enhancing side channel attack effectiveness over existing methods.
Findings
Reduces the number of side channel traces needed by a factor of two
Incorporates previous differential analysis as a special case
Scalable trade-off between accuracy and complexity
Abstract
This paper presents an approach for side channel cryptanalysis with iterative approximate Bayesian inference, based on sequential decoding methods. Reliability information about subkey hypotheses is generated in the form of likelihoods, and sets of subkey hypothesis likelihoods are optimally combined into key bit log likelihood ratios. The redundancy of expanded keys in multi-round cryptographic schemes is exploited to correct round key estimation errors. This is achieved by sequential decoding, where subkey candidates are sorted by a probabilistic path metric and iteratively extended. The M-algorithm is presented as a concrete implementation example with deterministic run-time behaviour. The resulting algorithm contains previous hard decision differential analysis as a special case for single-round analysis and M=1, and is strictly more accurate otherwise. The trade-off between…
Taxonomy
Topics: Cryptographic Implementations and Security · Coding theory and cryptography · Chaos-based Image/Signal Encryption
