Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery

Xin Ye, Thomas Eisenbarth, William Martin

Abstract

This work presents a novel algorithm to quantify the relation between three factors that characterize a side channel adversary: the amount of observed side channel leakage, the workload of full key recovery, and its achievable success rate. The proposed algorithm can be used by security evaluators to derive a realistic bound on the capabilities of a side channel adversary. Furthermore, it provides an optimal strategy for combining subkey guesses to achieve any predefined success rate. Hence, it can be used by a side channel adversary to determine whether observed leakage suffices for key recovery before expending computation time. The algorithm is applied to a series of side channel measurements of a microcontroller AES implementation and simulations. A comparison to related work shows that the new algorithm improves on existing algorithms in several respects.
Original language: English
Title of host publication: Smart Card Research and Advanced Applications
Editors: Marc Joye, Amir Moradi
Number of pages: 18
Volume: 8968
Place of Publication: Cham
Publisher: Springer International Publishing
Publication date: 17.03.2015
Pages: 215-232
ISBN (Print): 978-3-319-16762-6
ISBN (Electronic): 978-3-319-16763-3
Publication status: Published - 17.03.2015
Event: 13th International Conference on Smart Card Research and Advanced Applications - Paris, France
Duration: 05.11.2014 - 07.11.2014
