Further Hidden Markov Model Cryptanalysis
We extend the model of Karlof and Wagner for modelling side channel attacks via Input Driven Hidden Markov Models (IDHMM) to the case where not every state corresponds to a single observable symbol. This allows us to examine algorithms where errors in measurements can occur between sub-operations, e.g. there may be an error probability of distinguishing an add (A) versus a double (D) for an elliptic curve system. The prior work of Karlof and Wagner would assume the error was in distinguishing an add-double (AD) versus a double (D). Our model also allows the modelling of unknown values, where one is unable to determine whether a given observable is an add or a double, and is the first model to allow one to analyse incomplete traces. Hence, our extension allows a more realistic modelling of real side channel attacks. We also look at additional heuristic approaches for combining multiple traces so as to deduce further information.
Keywords: Side Channel, Discrete Logarithm Problem, Single Trace, Side Channel Attack, Multiple Trace