Paper 2019/1331

Key Enumeration from the Adversarial Viewpoint: When to Stop Measuring and Start Enumerating?

Melissa Azouaoui, Romain Poussier, François-Xavier Standaert, and Vincent Verneuil

Abstract

In this work, we formulate and investigate a pragmatic question related to practical side-channel attacks complemented with key enumeration. In a real attack scenario, after an attacker has extracted side-channel information, it is possible that despite the entropy of the key has been signicantly reduced, she cannot yet achieve a direct key recovery. If the correct key lies within a sufficiently small set of most probable keys, it can then be recovered with a plaintext and the corresponding ciphertext, by performing enumeration. Our proposal relates to the following question: how does an attacker know when to stop acquiring side-channel observations and when to start enumerating with a given computational effort? Since key enumeration is an expensive (i.e. time-consuming) task, this is an important question from an adversarial viewpoint. To answer this question, we present an efficient (heuristic) way to perform key-less rank estimation, based on simple entropy estimations using histograms.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. CARDIS 2019
Keywords
Side-channel attackskey rank estimationkey enumeration.
Contact author(s)
melissa azouaoui @ outlook com
melissa azouaoui @ nxp com
History
2019-11-19: received
Short URL
https://ia.cr/2019/1331
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1331,
      author = {Melissa Azouaoui and Romain Poussier and François-Xavier Standaert and Vincent Verneuil},
      title = {Key Enumeration from the Adversarial Viewpoint: When to Stop Measuring and Start Enumerating?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1331},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1331}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.