Emmanuelle Dottax

Generalizing square attack using side-channels of an AES implementation on an FPGA

We show how to attack an implementation of AES on an FPGA where all bytes are processed in parallel. We introduce a new way of retrieving information, mixing algebraic properties and physical observations. The attack is based on a generalization of the Square Attack. We focus on the electromagnetic side-channel, but our results are still valid for power consumption analysis as they reflect a global phenomenon inside the chip; and so, this contrasts with situations where eavesdroppers take advantage of local electromagnetic emanations.

Perturbing and protecting a traceable block cipher

At the Asiacrypt 2003 conference, Billet and Gilbert introduce a block cipher, which, to quote them, has the following paradoxical property: it is computationally easy to derive many equivalent distinct descriptions of the same instance of the block cipher; but it is computationally difficult, given one or even many of them, to recover the so-called meta-key from which they were derived, or to find any additional equivalent description, or more generally to forge any new untraceable description of the same instance of the block cipher. They exploit this property to introduce the first traceable block cipher. Their construction relies on the Isomorphism of Polynomials (IP) problem. At Eurocrypt 2006, Faugere and Perret show how to break this scheme by algebraic attack. We here strengthen the original traceable block cipher against this attack by concealing the underlying IP problems. Our modification is such that our description of the block cipher now does not give the expected results all the time and parallel executions are used to obtain the correct value.