While traditionally cryptographic algorithms have been designed with the black-box security in mind, they often have to deal with a much stronger adversary – namely, an attacker that has some access to the execution environment of a cryptographic algorithm. This can happen in such grey-box settings as physical side-channel attacks or digital forensics as well as due to Trojans. In this paper, we aim to address this challenge for symmetric-key cryptography. We study the security of the Advanced Encryption Standard (AES) in the presence of explicit leakage: We let a part of the internal secret state leak in each operation. We consider a wide spectrum of settings – from adversaries with limited control all the way to the more powerful attacks with more knowledge of the computational platform. To mount key recoveries under leakage, we develop several novel cryptanalytic techniques such as differential bias attacks. Moreover, we demonstrate and quantify the effect of uncertainty and implementation countermeasures under such attacks: black-boxed rounds, space randomization, time randomization, and dummy operations. We observe that the residual security of AES can be considerable, especially with uncertainty and basic countermeasures in place.
CITATION STYLE
Bogdanov, A., & Isobe, T. (2015). How secure is AES under leakage. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9453, pp. 361–385). Springer Verlag. https://doi.org/10.1007/978-3-662-48800-3_15