Recovering Secret Keys from Weak Side Channel Traces of Differing Lengths

  • Colin D. Walter
Conference paper

DOI: 10.1007/978-3-540-85053-3_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5154)
Cite this paper as:
Walter C.D. (2008) Recovering Secret Keys from Weak Side Channel Traces of Differing Lengths. In: Oswald E., Rohatgi P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2008. CHES 2008. Lecture Notes in Computer Science, vol 5154. Springer, Berlin, Heidelberg


Secret key recovery from weak side channel leakage is always a challenge in the presence of standard counter-measures. The use of randomised exponent recodings in RSA or ECC means that, over multiple re-uses of a key, operations which correspond to a given key bit are not aligned in the traces. This enhances the difficulties because traces cannot be averaged to improve the signal-to-noise ratio.

The situation can be described using a hidden Markov model (HMM) but the standard solution is computationally infeasible when many traces have to be processed. Previous work has not provided a satisfactory way out. Here, instead of ad hoc sequential processing of complete traces, trace prefixes are combined naturally in parallel. This results in the systematic extraction of a much higher proportion of the information theoretic content of the leakage, enabling many keys of typical ECC length to be recovered with a computationally feasible search through a list of most likely values. Moreover, likely errors can now be located very easily.


Side channel leakage simple power analysis SPA Hidden Markov Models Forward-Backward Algorithm Viterbi Algorithm 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Colin D. Walter
    • 1
  1. 1.Comodo CA Research LaboratoryBradfordUK

Personalised recommendations