Cryptology ePrint Archive: Report 2019/1331

Key Enumeration from the Adversarial Viewpoint: When to Stop Measuring and Start Enumerating?

Melissa Azouaoui and Romain Poussier and François-Xavier Standaert and Vincent Verneuil

Abstract: In this work, we formulate and investigate a pragmatic question related to practical side-channel attacks complemented with key enumeration. In a real attack scenario, after an attacker has extracted side-channel information, it is possible that, although the entropy of the key has been significantly reduced, she cannot yet achieve a direct key recovery. If the correct key lies within a sufficiently small set of most probable keys, it can then be recovered with a plaintext and the corresponding ciphertext, by performing enumeration. Our proposal relates to the following question: how does an attacker know when to stop acquiring side-channel observations and when to start enumerating with a given computational effort? Since key enumeration is an expensive (i.e. time-consuming) task, this is an important question from an adversarial viewpoint. To answer this question, we present an efficient (heuristic) way to perform key-less rank estimation, based on simple entropy estimations using histograms.

Category / Keywords: Side-channel attacks, key rank estimation, key enumeration.

Original Publication (in the same form): CARDIS 2019

Date: received 19 Nov 2019

Contact author: melissa azouaoui at outlook com, melissa azouaoui@nxp com


Version: 20191119:140249

Short URL: ia.cr/2019/1331

