skip to Main Content

Template Attack Against AES in Counter Mode With Unknown Initial Counter


Despite its long-contested viability, numerous applications still rely upon AES Counter mode (AES-CTR). Research supports that the vulnerabilities associated with CTR from a mathematical perspective, mainly forgery attempts, stem from misusing the nonce. When paired with cryptographic algorithms, assuming no nonce misuse increases the complexity of unraveling CTR. Hence, we tasked ourselves with examining the pairing of CTR with AES-128 (AES-CTR). Our contributions in this work include (1) performing full key recovery for a software implementation of AES-CTR utilizing a template attack (TA) and (2) enhancing the TA analysis’s point of interest (POI) using first-order analysis and known key to identify leaky samples.

Back To Top