Efficient side-channel attacks beyond divide-and-conquer strategy
Computer Networks (IF 4.4), Pub Date: 2021-08-14, DOI: 10.1016/j.comnet.2021.108409
Shan Jin, Riccardo Bettati

Side-channel attacks exploit physical information that leaks from a cryptographic device, for example its power consumption, to extract secret information such as secret keys. While such attacks are effective for small keys of 8 or 16 bits, they are not viable in practice, where keys are much larger, such as the 128 bits of AES 128 or more. In order to scale these attacks, some form of divide-and-conquer strategy is typically used: the attacker divides the key into subkeys, attempts to recover the subkeys separately, and then combines them to form the key. In this paper we address two problems that render divide-and-conquer based attacks largely ineffective in practice. First, the power leakage models are inaccurate because of the noise caused by computation involving the remaining portion of the key. We show how leakage models that account for the entire key improve the accuracy of the resulting models. Second, naïvely combining the recovered subkeys during the attack phase is ineffective, as errors in the individual subkey recoveries compound. We show how leakage models from other stages of the cryptographic computation can be leveraged to validate (we call this "reinforce") the choice of recovered subkeys. Experiments using AES 128 leakage data show that (1) leakage models that use the entire key are far superior to subkey-based models, (2) reinforcement of subkey selection through validation against leakage from a single additional round of the encryption process is both efficient and highly effective (performance improvements of up to 240% in key recovery rate in some cases), and (3) the benefits of using more than one additional round are negligible. This work paves the way towards the study of data-driven system identification techniques to be applied in side-channel attacks.

Updated: 2021-08-19