Adaptive Chosen-Plaintext Collision Attack on Masked AES in Edge Computing

Yaoling Ding, Ying Shi*, An Wang, Xuexin Zheng, Zongyue Wang, Guoshuang Zhang

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

15 Citations (Scopus)

Abstract

Edge computing handles delay-sensitive data and provides real-time feedback, but it brings data security issues to edge devices (such as IoT devices and edge servers). Side-channel attacks are a main threat to these devices. Collision attacks represent a powerful category of side-channel analysis for extracting security information from embedded cryptographic algorithms. Since they were first proposed in 2003, many collision detection algorithms have been presented, most of which enumerate all the values of the target plaintext byte to find a collision. In this paper, we establish a relation between 'Euclidean distance between traces' and 'Hamming distance between values,' and take advantage of the distance information leaked from the power traces of encrypting an adaptively chosen plaintext to reduce the candidate plaintext space. Consequently, the collision is detected quickly. Moreover, this improvement is fault-tolerant, and its self-correction feature significantly improves the efficiency of attacks based on our method. We take AES implemented with masks, which is usually employed in edge computing devices, as an example to introduce our method and conduct experiments to verify its efficiency. According to the experimental results, for whole key recovery attacks, our method requires only 26.5% of the plaintexts, 32.2% of the traces, and much less than 10% of the computations of the collision-correlation attack launched by Clavier et al.

Original language: English
Article number: 8715351
Pages (from-to): 63217-63229
Number of pages: 13
Journal: IEEE Access
Volume: 7
Publication status: Published - 2019

Keywords

  • Adaptive chosen-plaintext collision attack
  • edge computing
  • masking
  • the least square method
