Advertisement

Poly-Logarithmic Side Channel Rank Estimation via Exponential Sampling

  • Liron DavidEmail author
  • Avishai WoolEmail author
Conference paper
First Online:
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11405)

Abstract

Rank estimation is an important tool for a side-channel evaluations laboratories. It allows estimating the remaining security after an attack has been performed, quantified as the time complexity and the memory consumption required to brute force the key given the leakages as probability distributions over d subkeys (usually key bytes). These estimations are particularly useful where the key is not reachable with exhaustive search.

We propose ESrank, the first rank estimation algorithm that enjoys provable poly-logarithmic time- and space-complexity, which also achieves excellent practical performance. Our main idea is to use exponential sampling to drastically reduce the algorithm’s complexity. Importantly, ESrank is simple to build from scratch, and requires no algorithmic tools beyond a sorting function. After rigorously bounding the accuracy, time and space complexities, we evaluated the performance of ESrank on a real SCA data corpus, and compared it to the currently-best histogram-based algorithm. We show that ESrank gives excellent rank estimation (with roughly a 1-bit margin between lower and upper bounds), with a performance that is on-par with the Histogram algorithm: a run-time of under 1 s on a standard laptop using 6.5 MB RAM.

This is a preview of subscription content, log in to check access.

Notes

Acknowledgement

Liron David was partially supported by The Yitzhak and Chaya Weinstein Research Institute for Signal Processing.

References

  1. 1.
    FIPS PUB 197, advanced encryption standard (AES), 2001. U.S. Department of Commerce/National Institute of Standards and Technology (NIST)Google Scholar
  2. 2.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36400-5_4CrossRefGoogle Scholar
  3. 3.
    Jon Louis Bentley and Andrew Chi-Chih Yao: An almost optimal algorithm for unbounded searching. Inf. Process. Lett. 5(3), 82–87 (1976)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Daniel J Bernstein, Tanja Lange, and Christine van Vredendaal. Tighter, faster, simpler side-channel security evaluations beyond computing power. IACR Cryptology ePrint Archive, 2015:221, 2015Google Scholar
  5. 5.
    Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 310–327. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-31301-6_19CrossRefzbMATHGoogle Scholar
  6. 6.
    Choudary, M.O., Popescu, P.G.: Back to Massey: impressively fast, scalable and tight security evaluation tools. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 367–386. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66787-4_18CrossRefGoogle Scholar
  7. 7.
    David, L., Wool, A.: A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 311–327. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-52153-4_18CrossRefGoogle Scholar
  8. 8.
    Liron David and Avishai Wool. Poly-logarithmic side channel rank estimation via exponential sampling. Cryptology ePrint Archive, Report 2018/867 (2018). https://eprint.iacr.org/2018/867
  9. 9.
    Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_16CrossRefGoogle Scholar
  10. 10.
    Fledel, D., Wool, A.: Sliding-window correlation attacks against encryption devices with an unstable clock. In: Proceedings of 25th Conference on Selected Areas in Cryptography (SAC), Calgary, August 2018Google Scholar
  11. 11.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44709-1_21CrossRefGoogle Scholar
  12. 12.
    Glowacz, C., Grosso, V., Poussier, R., Schüth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 117–129. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48116-5_6CrossRefGoogle Scholar
  13. 13.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_25CrossRefGoogle Scholar
  14. 14.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996).  https://doi.org/10.1007/3-540-68697-5_9CrossRefGoogle Scholar
  15. 15.
    Li, Y., Meng, X., Wang, S., Wang, J.: Weighted key enumeration for EM-based side-channel attacks. In: 2018 IEEE International Symposium on Electromagnetic Compatibility and 2018 IEEE Asia-Pacific Symposium on Electromagnetic Compatibility (EMC/APEMC), pp. 749–752. IEEE (2018)Google Scholar
  16. 16.
    Li, Y., Wang, S., Wang, Z., Wang, J.: A strict key enumeration algorithm for dependent score lists of side-channel attacks. In: Eisenbarth, T., Teglia, Y. (eds.) CARDIS 2017. LNCS, vol. 10728, pp. 51–69. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-75208-2_4CrossRefGoogle Scholar
  17. 17.
    Longo, J., Martin, D.P., Mather, L., Oswald, E., Sach, B., Stam, M.: How low can you go? Using side-channel data to enhance brute-force key recovery. IACR Cryptology ePrint Archive, 2016:609 (2016)Google Scholar
  18. 18.
    Martin, D.P., Mather, L., Oswald, E.: Two sides of the same coin: counting and enumerating keys post side-channel attacks revisited. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 394–412. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-76953-0_21CrossRefGoogle Scholar
  19. 19.
    Martin, D.P., Mather, L., Oswald, E., Stam, M.: Characterisation and estimation of the key rank distribution in the context of side channel evaluations. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 548–572. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_20CrossRefzbMATHGoogle Scholar
  20. 20.
    Martin, D.P., O’Connell, J.F., Oswald, E., Stam, M.: Counting keys in parallel after a side channel attack. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 313–337. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48800-3_13CrossRefzbMATHGoogle Scholar
  21. 21.
    Pan, J., van Woudenberg, J.G.J., den Hartog, J.I., Witteman, M.F.: Improving DPA by peak distribution analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 241–261. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19574-7_17CrossRefGoogle Scholar
  22. 22.
    Poussier, R., Standaert, F.-X., Grosso, V.: Simple key enumeration (and rank estimation) using histograms: an integrated approach. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 61–81. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53140-2_4CrossRefzbMATHGoogle Scholar
  23. 23.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45418-7_17CrossRefzbMATHGoogle Scholar
  24. 24.
    Martin, D.P., Montanaro, A., Oswald, E., Shepherd, D.: Quantum key search with side channel advice. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 407–422. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-72565-9_21CrossRefGoogle Scholar
  25. 25.
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-35999-6_25CrossRefGoogle Scholar
  26. 26.
    Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_8CrossRefGoogle Scholar
  27. 27.
    Wang, S., Li, Y., Wang, J.: A new key rank estimation method to investigate dependent key lists of side channel attacks. In: 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), pp. 19–24. IEEE (2017)Google Scholar
  28. 28.
    Ye, X., Eisenbarth, T., Martin, W.: Bounded, yet sufficient? How to determine whether limited side channel information enables key recovery. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 215–232. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-16763-3_13CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Electrical EngineeringTel Aviv UniversityTel AvivIsrael

Personalised recommendations

Cite paper

Buy options