A Provably Secure And Efficient Countermeasure Against Timing Attacks

Boris Köpf and Markus Dürmuth

Abstract

We show that the amount of information about the key that an unknown-message attacker can extract from a deterministic side-channel is bounded from above by |O| \log_2 (n+1) bits, where n is the number of side-channel measurements and O is the set of possible observations. We use this bound to derive a novel countermeasure against timing attacks, where the strength of the security guarantee can be freely traded for the resulting performance penalty. We give algorithms that efficiently and optimally adjust this trade-off for given constraints on the side-channel leakage or on the efficiency of the cryptosystem. Finally, we perform a case-study that shows that applying our countermeasure leads to implementations with minor performance overhead and formal security guarantees.

Available format(s)
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
Side-Channel AttacksImplementationInformation theory
Contact author(s)
bkoepf @ mpi-sws mpg de
History
2009-05-07: revised
See all versions
Short URL
https://ia.cr/2009/089

CC BY

BibTeX

@misc{cryptoeprint:2009/089,
author = {Boris Köpf and Markus Dürmuth},
title = {A Provably Secure And Efficient Countermeasure Against Timing Attacks},
howpublished = {Cryptology ePrint Archive, Paper 2009/089},
year = {2009},
note = {\url{https://eprint.iacr.org/2009/089}},
url = {https://eprint.iacr.org/2009/089}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.