TY - JOUR
T1 - Key in the Pocket
T2 - Intelligent Key Recovery with Genetic Algorithm in Correlation-enhanced Collision Attacks
AU - Zhang, Jiawei
AU - Long, Jiangshan
AU - Ou, Changhai
AU - Qiao, Kexin
AU - Zhang, Fan
AU - Yan, Shi
AU - He, Debiao
N1 - Publisher Copyright:
© 1982-2012 IEEE.
PY - 2025
Y1 - 2025
AB - By introducing collision information, the existing side-channel Correlation-Enhanced Collision Attacks (CECAs) performed collision-chain detection, quickly filtered out candidates unsatisfying collision conditions and extracted a part of optimal candidates for further process, thereby rapidly and significantly reducing the key candidate space and the difficulty of key recovery. However, they are still limited by disadvantages such as serial implementation, complex parameter settings and lack of intelligence, resulting in a low success rate of key recovery. To address these issues, we first present a Collision Detection framework with Genetic Algorithm (CDGA), which exploits Genetic Algorithm to detect the collision chains and has a strong capability of global searching. Secondly, we theoretically analyze the performance of CECA, and bound the searching depth of its output candidate vectors with a confidence level using a data-driven hypothesis test that provides confidence bounds for Gaussian leakages and an approximation based on Central Limit Theory (CLT) for non-Gaussian cases, which facilitates effective and stable population initialization. Thirdly, benefiting from our hypothesis-test-guided design, we propose a goal-directed mutation that prioritizes promising collision candidates, thus improving efficiency and adaptability of the CDGA. Finally, to optimize the evolution of CDGA, we introduce a roulette selection strategy to employ a probability assignment based on individual fitness values to guarantee the preferential selection of superior genes. Comprehensive experiments on DPA Contest v4.1 (AES-256 with Rotated S-boxes Masking) and an AT89S52 AES-128 platform demonstrate that CDGA achieves faster convergence and higher key-recovery success rates compared with TOC/FTC/FCC and Wiemers’ cumulative-correlation selection.
KW - CDGA
KW - Genetic Algorithm
KW - collision attack
KW - collision chain
KW - key recovery
KW - side-channel analysis
UR - https://www.scopus.com/pages/publications/105022591873
U2 - 10.1109/TCAD.2025.3633629
DO - 10.1109/TCAD.2025.3633629
M3 - Article
AN - SCOPUS:105022591873
SN - 0278-0070
JO - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
JF - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
ER -