Statistics and Secret Leakage

  • Jean-Sébastien Coron
  • Paul Kocher
  • David Naccache
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1962)


In addition to its usual complexity assumptions, cryptography silently assumes that information can be physically protected in a single location. As one can easily imagine, real-life devices are not ideal and information may leak through different physical channels.

This paper gives a rigorous definition of leakage immunity and presents several leakage detection tests. In these tests, failure confirms the probable existence of secret-correlated emanations and indicates how likely the leakage is. Success does not refute the existence of emanations but indicates that significant emanations were not detected on the strength of the evidence presented, which, of course, leaves the door open to reconsider the situation if further evidence comes to hand at a later date.


Keywords: Leakage Detection; Rigorous Definition; Input Tape; Usual Complexity; Complexity Assumption





Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Jean-Sébastien Coron (1, 3)
  • Paul Kocher (2)
  • David Naccache (3)

  1. École Normale Supérieure, DMI, Paris, France
  2. Cryptography Research, Inc., San Francisco, USA
  3. Gemplus Card International, Issy-les-Moulineaux, France
