TVLA with unknown key

scarookie · April 5, 2022, 10:43am

Is it possible to perform a TVLA with unknown key? Or even if I know the key, but its value is not the same as in the proposed paper value, will the TVLA still work? Or do the values have to be exactly the same as in the paper?

Alex_Dewar · April 5, 2022, 5:35pm

Hi,

If you’re just looking to do a fixed v random data test, I think the TVLA should still work if you don’t know the key - you just need to separate your datasets into 2 fixed text and random text sets.

Alex

scarookie · April 6, 2022, 8:47am

@Alex_Dewar so I simply ignore the part of setting the key to a fixed value proposed in the paper, and then just continue with fixed+random plaintexts? Will it not affect the result, since if we test the first AES round, we get different sbox outputs if our key is not the same as in the paper. Arent the keys and plaintexts in the test chosen so that they would create a visible leak when they are computed by the sbox operations?

Alex_Dewar · April 6, 2022, 1:13pm

You can read the rational behind the test at https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/documents/08_goodwill.pdf. I don’t think it will work as well as a normal TVLA, but it should still give you some idea of leakage.

Alex

scarookie · April 6, 2022, 1:30pm

@Alex_Dewar so in the end to perform a normal TVLA proposed in the Jupyter tutorials I must have the control of the key and plaintext, and not only the plaintext?

Alex_Dewar · April 6, 2022, 7:51pm

Yes, that’s correct

Alex

scarookie · April 13, 2022, 12:48pm

@Alex_Dewar what do we actually attack with the TVLA test? We do just a CPA attack against the devices AES implementation? Do we attack whole AES or just the first round, the first SBOX operation? If yes, if we know the key but cant change it, could we adjust the plaintext in order to get the same SBOX output as needed?

Alex_Dewar · April 13, 2022, 11:29pm

TVLA isn’t an attack - it’s used for evaluating crypto implementations and seeing if leakage exists.

scarookie · April 14, 2022, 10:03am

but in order to perform TVLA one has to do similar steps as in CPA, isnt that true? or do we just gather traces over the whole AES implementation to find out if there is leakage, without focusing on certain SBOX operation or round?

Is there another way than TVLA to find out if there is leakage which can be abused in CPA attack, that doesnt require someone to know or manipulate the key?

Alex_Dewar · April 15, 2022, 5:26am

From https://www.rambus.com/wp-content/uploads/2015/08/TVLA-DTR-with-AES.pdf :

Two classes of tests are included: general and specific. The general tests look for any leakage that
depends on input data or key. Specific tests target specific intermediates of the cryptographic operation
that could be exploited to recover keys or other sensitive security parameters. A failing general test
shows leakage that may or may not be immediately exploitable, but indicates the possibility of exploit.
Specific test failures indicate leakage that is directly exploitable for recovery of secrets.

There are multiple types of tests that that document specifies. The simplest one, fixed v. random data, doesn’t target any specific operation, it just looks for general leakage relating to the key/text.

As far as I’m aware, there’s no general test you can do to figure that out.