Simple Photonic Emission Attack with Reduced Data Complexity

This work proposes substantial algorithmic enhancements to the SPEA attack of Schlösser et al. [16] by adding cryptographic postprocessing, and improved signal processing to the photonic measurement phase. Our improved approach provides three crucial benefits: (1) For some SBox/SRAM configurations the original SPEA method is unable to identify a unique key, and terminates with up to 2 key candidates; using our new solver we are able to find the correct key regardless of the respective SBox/SRAM configuration. (2) Our methods reduce the number of required (complex photonic) measurements by an order of magnitude, thereby shortening the duration of the attack significantly. (3) Due to the unavailability of the attack equipment of Schlösser et al. [16] we additionally developed a novel Photonic Emission Simulator which we matched against the real equipment of the original SPEA work. With this simulator we were able to verify our enhanced SPEA attack by a full AES recovery which uses only a small number of photonic measurements.