One Attack to Rule Them All: Collision Timing Attack versus 42 AES ASIC Cores

When complex functions, for example, substitution boxes of block ciphers, are realized in hardware, timing attributes of the underlying combinational circuit depend on the input/output changes of the function. These characteristics can be exploited by the help of a relatively new scheme called fault sensitivity analysis. A collision timing attack which exploits the data-dependent timing characteristics of combinational circuits is demonstrated in this paper. The attack is based on an also recently published correlation collision attack, which avoids the need for a hypothetical timing model for the underlying combinational circuit to recover the secret materials. The target platforms of our proposed attack are 14 AES ASIC cores of the SASEBO LSI chips in three different process technologies, 13 nm, 90 nm, and 65 nm. Successfully breaking all cores including the DPA-protected and fault attack protected cores indicates the strength of the attack.