Improving the Performance of CPA Attacks for Ciphers Using Parallel Implementation of S-Boxes

Abstract

Since their introduction in early 2000, CPA (correlation power analysis), as a cryptographic tool, has been widely used in the cryptanalysis of cryptographic algorithms (being applicable to both symmetric key ciphers as well as to public key encryption schemes). An application of the classical CPA method, along with its variants, to cryptographic algorithms that use parallel implementation of its substitution boxes (S-boxes) commonly requires more power traces to extract the secret key compared to the case when serial implementation of S-boxes is employed. To reduce the amount of power traces in this scenario, we propose a modification of the standard CPA approaches and demonstrate practically that our method performs better than the existing ones in this respect. To verify the efficiency of our improved CPA method, we apply it to the public databases of DPA Contest V2. In particular, the experimental results show that only 495 power traces are required to recover the secret key of AES. We also compare the performance of our attack to the relevant methods whose parameters are available at DPA Contest V2. The results show that compared to the best nonprofiling side-channel attack (SCA) attack, our method reduces the number of power traces required to recover the secret key by 6,566. Also, our new method performs almost similarly as the best profiling SCA attack of Benoit Gerard (in terms of the required number of power traces), thus reducing the gap in the performance of profiling and nonprofiling SCA attacks.