Abstract
The NIST CTR_DRBG specification prescribes a maximum size on each random number request, limiting the number of encryptions in CTR mode with the same key to 4 096. Jaffe’s attack on AES in CTR mode without knowledge of the nonce from CHES 2007 requires 2^16 traces, which is safely above this recommendation. In this work, we exhibit an attack that requires only 256 traces, which is well within the NIST limits. We use simulated traces to investigate the success probability as a function of the signal-to-noise ratio. We also demonstrate its success in practice by attacking an AES-CTR implementation on a Cortex-M4 among others and recovering both the key and nonce. Our traces and code are made openly available for reproducibility.
Publisher
Universitätsbibliothek der Ruhr-Universität Bochum
Subject
General Earth and Planetary Sciences, General Environmental Science
Cited by
3 articles.
1. Side-Channel Analysis Against SecOC-Compliant AES-CMAC;IEEE Transactions on Circuits and Systems II: Express Briefs;2023-10
2. Template Attack Against AES in Counter Mode With Unknown Initial Counter;2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC);2023-03-08
3. TROT: A Three-Edge Ring Oscillator Based True Random Number Generator With Time-to-Digital Conversion;IEEE Transactions on Circuits and Systems I: Regular Papers;2022-06