Counting Keys in Parallel After a Side Channel Attack

  • Daniel P. MartinEmail author
  • Jonathan F. O’Connell
  • Elisabeth Oswald
  • Martijn Stam
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9453)


Side channels provide additional information to skilled adversaries that reduce the effort to determine an unknown key. If sufficient side channel information is available, identification of the secret key can even become trivial. However, if not enough side information is available, some effort is still required to find the key in the key space (which now has reduced entropy). To understand the security implications of side channel attacks it is then crucial to evaluate this remaining effort in a meaningful manner. Quantifying this effort can be done by looking at two key questions: first, how ‘deep’ (at most) is the unknown key in the remaining key space, and second, how ‘expensive’ is it to enumerate keys up to a certain depth?

We provide results for these two challenges. Firstly, we show how to construct an extremely efficient algorithm that accurately computes the rank of a (known) key in the list of all keys, when ordered according to some side channel attack scores. Secondly, we show how our approach can be tweaked such that it can be also utilised to enumerate the most likely keys in a parallel fashion. We are hence the first to demonstrate that a smart and parallel key enumeration algorithm exists.


Key enumeration Key rank Side channels 



We would like to thank Benjamin Sach and Raphael Clifford for there valuable insight and advice during the developement of the algorithm. This work was carried out using the computational facilities of the Advanced Computing Research Centre, University of Bristol - Daniel, Jonathan and Elisabeth have been supported by an EPSRC Leadership Fellowship EP/I005226/1.


  1. 1.
    Bernstein, D.J., Lange, T., van Vredendaal, C.: Tighter, faster, simpler side-channel security evaluations beyond computing power. IACR Cryptology ePrint Archive 2015, 221 (2015).
  2. 2.
    Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. Cryptology ePrint Archive, Report 2015/795 (2015)Google Scholar
  3. 3.
    Dasgupta, S., Papadimitriou, C.H., Vazirani, U.V.: Algorithms. McGraw-Hill, New York (2008)Google Scholar
  4. 4.
    Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015) Google Scholar
  5. 5.
    Dyer, M.E.: Approximate counting by dynamic programming. In: Larmore, L.L., Goemans, M.X. (eds.) Proceedings of the 35th Annual ACM Symposium on Theory of Computing, San Diego, CA, USA, 9–11 June 2003, pp. 693–699. ACM (2003).
  6. 6.
    Glowacz, C., Grosso, V., Poussier, R., Schueth, J., Standaert, F.: Simpler and more efficient rank estimation for side-channel security assessment. IACR Cryptology ePrint Archive 2014, 920 (2014). Accepted for publication at FSE 2015Google Scholar
  7. 7.
    Gopalan, P., Klivans, A., Meka, R., Stefankovic, D., Vempala, S., Vigoda, E.: An FPTAS for #Knapsack and related counting problems. In: 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 817–826, October 2011Google Scholar
  8. 8.
    Kahn, A.B.: Topological sorting of large networks. Commun. ACM 5(11), 558–562 (1962). zbMATHCrossRefGoogle Scholar
  9. 9.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  10. 10.
    Mangard, S., Oswald, E., Standaert, F.X.: One for all - all for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5(2), 100–110 (2011)CrossRefGoogle Scholar
  11. 11.
    Tarjan, R.: Edge-disjoint spanning trees and depth-first search. Acta Informatica 6(2), 171–185 (1976). zbMATHMathSciNetCrossRefGoogle Scholar
  12. 12.
    Valiant, L.G.: The complexity of enumeration and reliability problems. SIAM J. Comput. 8(3), 410–421 (1979). zbMATHMathSciNetCrossRefGoogle Scholar
  13. 13.
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  14. 14.
    Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  15. 15.
    Ye, X., Eisenbarth, T., Martin, W.: Bounded, yet sufficient? how to determine whether limited side channel information enables key recovery. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 215–232. Springer, Heidelberg (2015) Google Scholar

Copyright information

© International Association for Cryptologc Research 2015

Authors and Affiliations

  • Daniel P. Martin
    • 1
    Email author
  • Jonathan F. O’Connell
    • 1
  • Elisabeth Oswald
    • 1
  • Martijn Stam
    • 1
  1. 1.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations