Paper 2011/348

Extractors Against Side-Channel Attacks: Weak or Strong?

Marcel Medwed and Francois-Xavier Standaert


Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations. In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view. Our investigations lead to contrasted conclusions. On the one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g. block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks and turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.

Available format(s)
Publication info
Published elsewhere. Full version of the paper published at CHES 2011
Randomness extractorsSide-channel analysisCountermeasures
Contact author(s)
marcel medwed @ uclouvain be
2011-07-28: last of 2 revisions
2011-06-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marcel Medwed and Francois-Xavier Standaert},
      title = {Extractors Against Side-Channel Attacks: Weak or Strong?},
      howpublished = {Cryptology ePrint Archive, Paper 2011/348},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.