Cryptology ePrint Archive: Report 2016/491

Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations

Daniel P. Martin and Luke Mather and Elisabeth Oswald and Martijn Stam

Abstract: Quantifying the side channel security of implementations has been a significant research question for several years in academia but also among real world side channel practitioners. As part of security evaluations, efficient key rank estimation algorithms were devised, which in contrast to analyses based on subkey recovery, give a holistic picture of the security level after a side channel attack. However, it has been observed that outcomes of rank estimations show a huge spread in precisely the range of key ranks where enumeration could lead to key recovery. These observations raise the question whether this is because of insufficient rank estimation procedures, or, if this is an inherent property of the key rank. Furthermore, if this was inherent, how could key rank outcomes be translated into practically meaningful figures, suitable to analysing the risk that real world side channel attacks pose? This paper is a direct response to these questions. We experimentally identify the key rank distribution and show that it is independent of different distinguishers and signal-to-noise ratios. Then we offer a theoretical explanation for the observed key rank distribution and determine how many samples thereof are required for a robust estimation of some key parameters. We discuss how this can be naturally integrated into real world side channel evaluation practices. We conclude our research by connecting non-parametric order statistics, in particular percentiles, in a practically meaningful way with business goals.

Category / Keywords: implementation / side channel evaluations, key rank

Date: received 20 May 2016, last revised 23 May 2016

Contact author: dan martin at bristol ac uk, luke mather@bristol ac uk, elisabeth oswald@bristol ac uk, martijn stam@bristol ac uk

Available format(s): PDF | BibTeX Citation

Version: 20160523:102553 (All versions of this report)

Short URL: ia.cr/2016/491

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]