Power Analysis Attack Based on Hamming Weight Model without Brute Force Cracking

Abstract

Power analysis attack is an attack method to obtain the key in cryptographic chip by analyzing the power information of the cryptographic chip. Machine learning has been widely used in power analysis attacks in recent years. Machine learning can effectively establish the model between the power traces and the SBOX output value or the HM (Hamming) weight of the SBOX output value so that the SBOX output value or the HM weight of the SBOX output value can be obtained through the power traces. HM weight model is widely used because it has less classification of nine and can achieve better machine learning accuracy. However, in the HM weight model, the key cannot be obtained directly by obtaining the median HM weight; instead, the key needs to be deduced by brute force cracking of the median HM weight. Usually, the brute force cracking of a byte key requires 51 enumeration times on average. The HM weight distribution of the SBOX output value is unbalanced, so the power analysis attack based on the HM weight model without brute force cracking is proposed in this paper. Based on the HM weight of the SBOX output value, the method selects the best plaintext for the next power analysis attack, and Euclidean distance is chosen as the optimal plaintext selection judgment algorithm. It makes the HM weight distribution of the SBOX output value more evenly, thus reducing the possible key space and confirming the key more easily. This scheme does not require brute force cracking. It only needs to input 3.332 plaintexts on average and up to 4 plaintexts to determine the unique key, which effectively improves the efficiency of the power analysis attack. In this paper, the authors test the DPA competition V4 data set and Kizhvatov’s data set with random defense. Experiments show that this scheme enjoys the high accuracy of the HM weight model in machine learning. Compared with the Whole Byte scheme, the accuracy based on this scheme can be increased by about 360%. Compared with the brute force cracking HM weight scheme, the guessing entropy can be decreased by about 1700%.