Further Hidden Markov Model Cryptanalysis

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)


We extend the model of Karlof and Wagner for modelling side channel attacks via Input Driven Hidden Markov Models (IDHMM) to the case where not every state corresponds to a single observable symbol. This allows us to examine algorithms where measurement errors can occur between sub-operations, e.g. there may be an error probability of distinguishing an add (A) from a double (D) in an elliptic curve system. The prior work of Karlof and Wagner would assume the error was between distinguishing an add-double (AD) from a double (D). Our model also allows the modelling of unknown values, where one is unable to determine whether a given observable is an add or a double, and is the first model that allows one to analyse incomplete traces. Hence, our extension allows a more realistic modelling of real side channel attacks. We also examine heuristic approaches for combining multiple traces so as to deduce further information.
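To make the modelling difference concrete, the following toy decoder is added here for illustration; it is not the paper's model or code. It treats double-and-add scalar multiplication as an HMM whose hidden states are the individual sub-operations (the double of a 0 bit, the double of a 1 bit, the add of a 1 bit), so a misread is a confusion of A with D at one sub-operation rather than of AD with D, a `?` symbol stands for an observable that could not be classified, and a trace may stop inside a bit. Several traces of the same key are combined by the simplest heuristic, summing their per-position log-likelihoods. The misread rate (0.1), the unknown rate (0.05), the uniform prior on key bits, deterministic double-and-add that processes every bit, and the trace strings are all constructed assumptions; the paper's IDHMM, its treatment of inputs and its multi-trace heuristics are not reproduced.

```python
"""Toy sub-operation HMM for a double-and-add trace (added illustration, not the
paper's model). Hidden states are sub-operations, so a measurement error is the
confusion of an add (A) with a double (D), not of a whole AD with a D."""
import math

# Hidden states: the double of a 0 bit, the double of a 1 bit, the add of a 1 bit.
STATES = ("D0", "D1", "A1")
TRUE_OP = {"D0": "D", "D1": "D", "A1": "A"}


def transitions(p_one=0.5):
    """Transition matrix. A finished bit (D0 or A1) is followed by the double of
    the next bit, which is 1 with prior p_one (assumed uniform); D1 is always
    followed by A1."""
    next_bit = {"D0": 1 - p_one, "D1": p_one, "A1": 0.0}
    return {"D0": next_bit, "A1": next_bit, "D1": {"D0": 0.0, "D1": 0.0, "A1": 1.0}}


def emission(state, symbol, err=0.1, unknown=0.05):
    """P(symbol | state). '?' models an unreadable measurement and is emitted with
    probability `unknown` by every state (so it carries no information); otherwise
    the true sub-operation is read correctly with probability 1-err and confused
    with the other one with probability err. Both rates are assumed, not measured."""
    if symbol == "?":
        return unknown
    return (1 - unknown) * ((1 - err) if symbol == TRUE_OP[state] else err)


def viterbi(traces, p_one=0.5, err=0.1, unknown=0.05):
    """Most likely sub-operation sequence given one or more traces of the same key.
    Traces are assumed aligned and independent given the state (deterministic
    double-and-add), so they are combined by summing log-emissions per position."""
    n = len(traces[0])
    assert all(len(t) == n for t in traces), "traces must be aligned"
    trans = transitions(p_one)

    def log(p):
        return math.log(p) if p > 0 else -math.inf

    def log_emit(state, i):
        return sum(log(emission(state, t[i], err, unknown)) for t in traces)

    # A trace starts at the first double; which bit value it belongs to is unknown.
    start = {"D0": 1 - p_one, "D1": p_one, "A1": 0.0}
    score = {s: log(start[s]) + log_emit(s, 0) for s in STATES}
    back = []
    for i in range(1, n):
        new_score, ptr = {}, {}
        for s in STATES:
            prev = max(STATES, key=lambda q: score[q] + log(trans[q][s]))
            new_score[s] = score[prev] + log(trans[prev][s]) + log_emit(s, i)
            ptr[s] = prev
        score, back = new_score, back + [ptr]

    # Backtrack from the best final state. Ending in D1 is allowed: it means the
    # trace stopped inside a 1 bit (an incomplete trace) and the add was not seen.
    state = max(STATES, key=score.get)
    path = [state]
    for ptr in reversed(back):
        state = ptr[state]
        path.append(state)
    return path[::-1]


def key_bits(path):
    """Collapse a sub-operation path into key bits: D0 -> 0, D1 (with its A1) -> 1."""
    return "".join("0" if s == "D0" else "1" for s in path if s != "A1")


# Constructed sample data: key 1011 executed by double-and-add gives the true
# sub-operation sequence D A D D A D A. Each noisy trace carries one defect.
TRUE_OPS = "DADDADA"
TRACE_1 = "DDDDADA"   # the first add was read as a double
TRACE_2 = "DADDAAA"   # the double at position 5 was read as an add
TRACE_3 = "DA?DADA"   # position 2 could not be classified
TRACE_4 = "DADDAD"    # trace cut off before the last sub-operation

if __name__ == "__main__":
    print("trace 1 alone :", key_bits(viterbi([TRACE_1])))           # 00011 (wrong)
    print("trace 3 alone :", key_bits(viterbi([TRACE_3])))           # 1011
    print("traces 1 and 2:", key_bits(viterbi([TRACE_1, TRACE_2])))  # 1011
    print("trace 4 alone :", key_bits(viterbi([TRACE_4])))           # 101? (last bit undecided)
```

Trace 1 on its own decodes to 00011: under this noise model that key explains the observed sequence with no misread at all, so maximum-likelihood decoding prefers it to the true key, which needs one. Adding trace 2, whose misread falls at a different position, makes the true key 1011 the cheapest explanation again, which is the point of combining traces. The trace with a `?` decodes correctly on its own because the unknown symbol carries no information and the surrounding A/D structure fixes the bit, and the truncated trace yields the first three bits with the last one undecided, since without the final add a D0 and a D1 ending are equally likely.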


Keywords (added by the publisher, not the authors): Side Channel; Discrete Logarithm Problem; Single Trace; Side Channel Attack; Multiple Trace


References

  1. Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)
  2. Brier, É., Déchène, I., Joye, M.: Unified addition formulæ for elliptic curve cryptosystems. In: Embedded Cryptographic Hardware: Methodologies and Architectures. Nova Science Publishers, Bombay (2004)
  3. Joye, M., Quisquater, J.-J.: Hessian elliptic curves and side-channel analysis. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)
  4. Karlof, C., Wagner, D.: Hidden Markov model cryptanalysis. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 17–34. Springer, Heidelberg (2003)
  5. Liardet, P.-Y., Smart, N.P.: Preventing SPA/DPA in ECC systems using the Jacobi form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 391–401. Springer, Heidelberg (2001)
  6. Oswald, E.: Enhancing simple power-analysis attacks on elliptic curve cryptosystems. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 82–97. Springer, Heidelberg (2003)
  7. Oswald, E.: Side-Channel Analysis. In: [1], pp. 69–86 (2005)
  8. Oswald, E., Aigner, M.: Randomized addition-subtraction chains as a countermeasure against power attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001)
  9. Stinson, D.: Some baby-step giant-step algorithms for the low Hamming weight discrete logarithm problem. Math. Comp. 71, 379–391 (2002)
  10. Walter, C.: Breaking the Liardet–Smart randomized exponentiation algorithm. In: Proceedings Cardis 2002, pp. 59–68. USENIX Assoc. (2002)
  11. Yedidia, J.S., Freeman, W.T., Weiss, Y.: Understanding Belief Propagation and its Generalizations. Mitsubishi Electric Research Laboratories Technical Report TR-2001-22 (January 2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  1. Department of Mathematics, University of Bristol, Bristol, United Kingdom
  2. Department of Computer Science, University of Bristol, Bristol, United Kingdom
