Paper 2018/019

Two Sides of the Same Coin: Counting and Enumerating Keys Post Side-Channel Attacks Revisited.

Daniel P. Martin, Luke Mather, and Elisabeth Oswald


Motivated by the need to assess the concrete security of a device after a side channel attack, there has been a flurry of recent work designing both key rank and key enumeration algorithms. Two main competitors for key ranking can be found in the literature: a convolution based algorithm put forward by Glowacz et al. (FSE 2015), and a path counting based algorithm proposed by Martin et al. (Asiacrypt 2015). Both key ranking algorithms can be extended to key enumeration algorithms (Poussier et al. (CHES 2016) and Martin et al. (Asiacrypt 2015)). The two approaches were proposed independently, and have so far been treated as uniquely different techniques, with different levels of accuracy. However, we show that both approaches (for ranking) are mathematically equivalent for a suitable choice of their respective discretisation parameter. This settles questions about which one returns more accurate rankings. We then turn our attention to their related enumeration algorithms and determine why and how these algorithms differ in their practical performance.

Available format(s)
Publication info
Published elsewhere. CT RSA 2018
side channels
Contact author(s)
elisabeth oswald @ bristol ac uk
2018-01-05: received
Short URL
Creative Commons Attribution


      author = {Daniel P.  Martin and Luke Mather and Elisabeth Oswald},
      title = {Two Sides of the Same Coin: Counting and Enumerating Keys Post Side-Channel Attacks Revisited.},
      howpublished = {Cryptology ePrint Archive, Paper 2018/019},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.