Usually the separation between known and unknown key bits is not this clear-cut: they are known with probabilities ranging between 100% and 0%. Enumeration and rank estimation of cryptographic keys based on partial information derived from cryptanalysis have become important tools for security evaluations. They make the line between a broken and a secure device clearer and thus help security evaluators determine how high the security of a device is. For symmetric-key cryptography there has been some recent work on key enumeration and rank estimation, but for discrete-logarithm-based systems these algorithms fail because the subkeys are not independent and the algorithms cannot take advantage of the above-mentioned faster attacks. We present $\epsilon$-enumeration as a new method to compute the rank of a key by using the probabilities together with (variations of) Pollard's kangaroo algorithm and give experimental evidence.
Category / Keywords: side-channel attacks, template attacks, key enumeration, rank estimation, discrete logarithms, Pollard-kangaroo method, precomputation
Date: received 21 Jul 2014, last revised 30 Jan 2015
Contact author: c v vredendaal at tue nl
Version: 20150130:094127
Short URL: ia.cr/2014/565