@proceedings{18012,
  author = {Stian Husum and H{\r a}vard Raddum and Martijn Stam},
  title = {A Comparison of Graph-Inference Side-Channel Attacks Against  SKINNY},
  abstract = {Belief propagation can improve standard divide-and-conquer side-channel attacks by exploiting additional leakage both effectively and efficiently. The original approach for belief propagation against block ciphers uses factor graph inference (FGI). Recently, Costes and Stam (CHES{\textquoteright}23) proposed the use of cluster graph inference (CGI) as a more effective and potentially more efficient alternative. In the context of SKINNY, they focus on exploiting leakage on the 44 S-boxes that each depend on at most two subkeys, surprisingly enabling exact inference. Expanding their cluster graph approach beyond the 44 S-boxes is intrinsically expensive, as it requires enumerating larger subkeys.In contrast to CGI, FGI remains efficient regardless of the number of S-boxes exploited, yet in practice exploiting more rounds appears to quickly yield diminishing returns: against AES so far only two rounds have been exploited effectively. Costes and Stam provided a rough, qualitative comparison between cluster and factor graph inference, but without any quantitative experiments. Thus, it remains unclear how well FGI would fare against a low-diffusion cipher like SKINNY.We provide a quantitative comparison of the two graph inference meth- ods applied to SKINNY. We conclude that, when profiling is possible, both behave comparably when exploiting the aforementioned 44 S-boxes. Yet, FGI can easily exploit more S-boxes, comprehensively outperforming CGI. For the profiled scenarios originally considered by Costes and Stam, FGI on three leaking rounds from both sides of the cipher is best, both in terms of effectiveness and efficiency.},
  year = {2025},
  journal = {CASCADE 2025},
  publisher = {Springer},
}