Paper 2012/578

Security Evaluations Beyond Computing Power: How to Analyze Side-Channel Attacks you Cannot Mount?

Nicolas Veyrat-Charvillon, Benoît Gérard, and François-Xavier Standaert

Abstract

Present key sizes for symmetric cryptography are usually required to be at least 80 bits long for short-term protection, and 128 bits long for long-term protection. However, current tools for security evaluations against side-channel attacks do not provide a precise estimation of the remaining key strength after some leakage has been observed, e.g. in terms of the number of candidates to test. This leads to an uncomfortable situation, where the security of an implementation can be anywhere between enumerable values (i.e. $2^{40}$ -- $2^{50}$ key candidates to test) and the full key size (i.e. $2^{80}$ -- $2^{128}$ key candidates to test). In this paper, we mitigate this important issue, and describe a key rank estimation algorithm that provides tight bounds for the security level of leaking cryptographic devices. As a result and for the first time, we are able to analyze the full complexity of “standard” (i.e. divide-and-conquer) side-channel attacks, in terms of their tradeoff between time, data and memory complexity.
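The quantity the abstract talks about is the rank of the correct key: after a divide-and-conquer attack has produced a score (log-probability) for every candidate of every key byte, the rank is the number of full 128-bit keys an attacker would have to test, in decreasing order of combined score, before reaching the right one. Computing it exactly means enumerating the whole key space, which is exactly what cannot be done above roughly $2^{50}$. The example below is added here to make that concrete; it is not the paper's algorithm and not code from the authors. It bounds the rank with a later, simpler histogram-convolution approach (Glowacz et al., FSE 2015): per-subkey scores are binned, the per-subkey histograms are convolved, and the bin of the correct key then yields a lower and an upper bound on its rank. A brute-force rank on a tiny 16-bit key (four nibbles) checks the bounds. All scores are synthetic, drawn from a seeded Gaussian with a bias on the correct candidate; the functions `simulated_scores`, `exact_rank`, `rank_bounds`, `small_case` and `aes_like_case` are names chosen for this example.

```python
"""Key rank estimation for divide-and-conquer side-channel attacks.

Added example, not the paper's algorithm: bounds the rank of the correct
key from per-subkey log-probability lists by histogram convolution
(after Glowacz et al., FSE 2015). Scores are constructed, not measured.
"""
import itertools
import math
import random


def simulated_scores(n_subkeys, bits, correct, signal, noise, rng):
    """Constructed per-subkey log-probability vectors (synthetic leakage).

    Each subkey gets 2**bits candidate scores drawn from N(0, noise), with
    `signal` added to the correct candidate, then log-softmax normalised.
    """
    scores = []
    for i in range(n_subkeys):
        vec = [rng.gauss(0.0, noise) for _ in range(1 << bits)]
        vec[correct[i]] += signal
        m = max(vec)
        log_z = m + math.log(sum(math.exp(v - m) for v in vec))
        scores.append([v - log_z for v in vec])
    return scores


def exact_rank(scores, correct):
    """Brute-force rank: 1 + number of full keys whose total log-probability
    strictly exceeds the correct key's. Only feasible for tiny key spaces."""
    target = sum(s[c] for s, c in zip(scores, correct))
    higher = 0
    for combo in itertools.product(*[range(len(s)) for s in scores]):
        if sum(s[k] for s, k in zip(scores, combo)) > target:
            higher += 1
    return higher + 1


def _convolve(a, b):
    """Integer convolution of two histograms, skipping empty bins."""
    out = [0] * (len(a) + len(b) - 1)
    nz_b = [(j, y) for j, y in enumerate(b) if y]
    for i, x in enumerate(a):
        if x:
            for j, y in nz_b:
                out[i + j] += x * y
    return out


def rank_bounds(scores, correct, nbins):
    """(lower, upper) bounds on the rank of `correct` via histogram convolution.

    A score s goes to bin floor((s - smin) / w). A key whose n subkeys fall
    in bins b_1..b_n has total score in [n*smin + B*w, n*smin + (B+n)*w)
    with B = sum(b_i), so convolving the per-subkey histograms counts the
    keys per total bin. Keys at least n bins above the correct key's bin
    B* certainly score higher (lower bound); keys at least n bins below
    certainly do not (upper bound); the 2n-1 bins in between are uncertain.
    """
    n = len(scores)
    smin = min(min(s) for s in scores)
    smax = max(max(s) for s in scores)
    w = (smax - smin) / nbins or 1.0  # guard: all scores equal

    def bin_of(s):
        return int((s - smin) / w)  # 0..nbins; top bin only when s == smax

    total = [1]
    for s in scores:
        hist = [0] * (nbins + 1)
        for v in s:
            hist[bin_of(v)] += 1
        total = _convolve(total, hist)

    b_star = sum(bin_of(s[c]) for s, c in zip(scores, correct))
    lower = 1 + sum(total[b_star + n:])
    upper = sum(total[max(b_star - n + 1, 0):])  # includes the correct key
    return lower, upper


def small_case(seed=2012, nbins=(16, 256, 4096)):
    """Four nibbles (2^16 keys): brute-force rank beside histogram bounds."""
    rng = random.Random(seed)
    correct = [rng.randrange(16) for _ in range(4)]
    scores = simulated_scores(4, 4, correct, signal=1.0, noise=1.0, rng=rng)
    exact = exact_rank(scores, correct)
    bounds = {b: rank_bounds(scores, correct, b) for b in nbins}
    return exact, bounds


def aes_like_case(seed=2012, nbins=128):
    """Sixteen key bytes (2^128 keys): only the bounds are computable."""
    rng = random.Random(seed)
    correct = [rng.randrange(256) for _ in range(16)]
    scores = simulated_scores(16, 8, correct, signal=1.5, noise=1.0, rng=rng)
    return rank_bounds(scores, correct, nbins)


if __name__ == "__main__":
    exact, bounds = small_case()
    for nbins, (lo, hi) in bounds.items():
        print(f"nbins={nbins:5d}  rank in [{lo}, {hi}]  brute force: {exact}")
    lo, hi = aes_like_case()
    print(f"128-bit key: rank in [2^{math.log2(lo):.1f}, 2^{math.log2(hi):.1f}]")
```

The small case shows the two properties the abstract is after: the brute-force rank always lies inside the bounds, and the gap between them narrows as the bin count grows, at a cost that is polynomial in the number of bins rather than exponential in the key size. Whether a rank bound of, say, $2^{60}$ to $2^{62}$ is "enumerable" is then a question about the evaluator's computing power, which is the tradeoff the paper analyzes.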

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
information theory, side-channel cryptanalysis
Contact author(s)
nicolas veyrat @ uclouvain be
History
2012-10-16: received
Short URL
https://ia.cr/2012/578
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/578,
      author = {Nicolas Veyrat-Charvillon and Benoît Gérard and François-Xavier Standaert},
      title = {Security Evaluations Beyond Computing Power: How to Analyze Side-Channel Attacks you Cannot Mount?},
      howpublished = {Cryptology ePrint Archive, Paper 2012/578},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/578}},
      url = {https://eprint.iacr.org/2012/578}
}