A heuristic approach to assist side channel analysis of the data encryption standard

Abstract

This paper describes the method adopted by the winning attack proposal to the first edition of the DPA contest. Two original ideas allowed to efficiently recover the secret key of a hardware implementation of the DES function. The first one was to consider full 56-bit guesses on the whole key (instead of only 6, 8, or even 12 or 16 bits that are usually used) to optimally exploit the side-channel leakage. We used a maximum likelihood based distinguisher fitted to the hardware characteristics of the leakage (32-bit register Hamming distance model). The second original idea was to design a smart sampling of the key space in order to find the correct key without requiring to exhaust a substantial proportion of the 256 keys. We adopted a hill climbing heuristic approach using a likelihood based objective function, combined with a clever candidate update function that takes into account the main specificities of the DES key schedule.