Paper 2011/348

Extractors Against Side-Channel Attacks: Weak or Strong?

Marcel Medwed and Francois-Xavier Standaert

Abstract

Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations. In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view. Our investigations lead to contrasted conclusions. On the one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g. block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks and turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Full version of the paper published at CHES 2011
Keywords
Randomness extractorsSide-channel analysisCountermeasures
Contact author(s)
marcel medwed @ uclouvain be
History
2011-07-28: last of 2 revisions
2011-06-27: received
See all versions
Short URL
https://ia.cr/2011/348
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/348,
      author = {Marcel Medwed and Francois-Xavier Standaert},
      title = {Extractors Against Side-Channel Attacks: Weak or Strong?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/348},
      year = {2011},
      url = {https://eprint.iacr.org/2011/348}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.