
Extractors against side-channel attacks: weak or strong?

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks to extractor implementations. In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view. Our investigations lead to contrasting conclusions. On the one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g., block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks but turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.




Correspondence to Marcel Medwed.


Medwed, M., Standaert, FX. Extractors against side-channel attacks: weak or strong?. J Cryptogr Eng 1, 231–241 (2011). https://doi.org/10.1007/s13389-011-0014-y
