Paper 2019/1331

Key Enumeration from the Adversarial Viewpoint: When to Stop Measuring and Start Enumerating?

Melissa Azouaoui, Romain Poussier, François-Xavier Standaert, and Vincent Verneuil

Abstract

In this work, we formulate and investigate a pragmatic question related to practical side-channel attacks complemented with key enumeration. In a real attack scenario, after an attacker has extracted side-channel information, it is possible that, although the entropy of the key has been significantly reduced, she cannot yet achieve a direct key recovery. If the correct key lies within a sufficiently small set of most probable keys, it can then be recovered by enumeration, using a plaintext and the corresponding ciphertext to test each candidate. Our proposal relates to the following question: how does an attacker know when to stop acquiring side-channel observations and when to start enumerating with a given computational effort? Since key enumeration is an expensive (i.e. time-consuming) task, this is an important question from an adversarial viewpoint. To answer it, we present an efficient (heuristic) way to perform key-less rank estimation, based on simple entropy estimations using histograms.
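The abstract names two ingredients without showing them: histogram-based key rank estimation, and an entropy-based proxy an attacker (or an evaluator simulating one) can compute without knowing the key. The following Python is an added example, not code from the paper or its authors. It uses constructed per-subkey scores on a toy 16-bit key split into four 4-bit subkeys so that the histogram rank bounds can be checked against an exact brute-force rank, and it uses the plain Shannon entropy of the implied key distribution as the key-less figure of merit; that entropy rule is an illustrative stand-in, not the paper's own histogram-based estimator, which the abstract does not describe. The function names, the constants `N_SUB`, `SUB_BITS` and `N_BINS`, and the score generator are all assumptions of this example.

```python
"""Histogram-based key rank estimation on a toy key of independent subkeys.

Added example (not the paper's code). The key-less stopping rule below is a
plain entropy computation over the subkey score distributions; it only
illustrates the decision the paper asks about and is NOT the paper's method.
"""
import math
import random
from itertools import product

N_SUB = 4        # independent subkeys in the toy key (assumption)
SUB_BITS = 4     # 16 candidates per subkey, 2^16 keys in total (brute-forceable)
N_BINS = 64      # histogram resolution (assumption)


def make_scores(seed=2019, noise=1.0):
    """Constructed distinguisher output: one log-probability per candidate and
    subkey. The correct subkeys are returned too, only so the estimate can be
    checked against the exact rank. Smaller noise models a stronger attack."""
    rng = random.Random(seed)
    correct = [rng.randrange(1 << SUB_BITS) for _ in range(N_SUB)]
    scores = []
    for k in correct:
        s = [rng.gauss(0.0, noise) for _ in range(1 << SUB_BITS)]
        s[k] += 2.5                        # correct candidate tends to score higher
        z = math.log(sum(math.exp(v) for v in s))
        scores.append([v - z for v in s])  # log-softmax: proper log-probabilities
    return scores, correct


def histograms(scores, n_bins=N_BINS):
    """Bin every subkey's scores with one shared bin width. Returns the
    per-subkey histograms and the bin index of every candidate."""
    lo = min(min(s) for s in scores)
    hi = max(max(s) for s in scores)
    width = (hi - lo) / n_bins or 1.0
    hists, bins = [], []
    for s in scores:
        h = [0] * (n_bins + 1)             # +1: the maximum score lands in bin n_bins
        b = [min(int((v - lo) / width), n_bins) for v in s]
        for idx in b:
            h[idx] += 1
        hists.append(h)
        bins.append(b)
    return hists, bins


def convolve(a, b):
    """Convolution of two count histograms: bin i of a and bin j of b
    contribute a[i]*b[j] keys whose summed score falls in bin i+j."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def key_histogram(hists):
    """Histogram of the full-key score (sum of the subkey scores)."""
    h = hists[0]
    for nxt in hists[1:]:
        h = convolve(h, nxt)
    return h


def rank_bounds(scores, correct):
    """Known-key histogram rank estimation. With bin width w, a subkey in bin
    b has score in [b*w, (b+1)*w) relative to lo, so a key whose subkey bins
    sum to B scores in [B*w, (B+N_SUB)*w). Keys in bins >= B+N_SUB certainly
    beat the correct key (lower bound); only keys in bins >= B-N_SUB+1 can
    possibly do so (upper bound, which also counts the correct key itself)."""
    hists, bins = histograms(scores)
    full = key_histogram(hists)
    B = sum(bins[i][correct[i]] for i in range(N_SUB))
    lower = 1 + sum(full[B + N_SUB:])
    upper = sum(full[max(B - N_SUB + 1, 0):])
    return lower, upper


def exact_rank(scores, correct):
    """Brute-force rank (1 = best): keys scoring strictly higher than the
    correct key, plus one. Feasible only because the toy keyspace is 2^16."""
    target = sum(scores[i][correct[i]] for i in range(N_SUB))
    better = sum(
        1 for cand in product(range(1 << SUB_BITS), repeat=N_SUB)
        if sum(scores[i][c] for i, c in enumerate(cand)) > target)
    return better + 1


def remaining_entropy_bits(scores):
    """Key-less figure of merit: Shannon entropy (bits) of the key distribution
    the scores imply. Subkeys are independent, so it is the sum of the subkey
    entropies. Added simple heuristic, not the paper's estimator."""
    total = 0.0
    for s in scores:
        z = math.log(sum(math.exp(v) for v in s))
        total -= sum(math.exp(v - z) * (v - z) for v in s) / math.log(2)
    return total


def should_enumerate(scores, budget_bits):
    """Attacker-side stopping rule: stop measuring and start enumerating once
    the estimated remaining key entropy fits the enumeration budget (2^budget
    keys). Unlike rank_bounds, this needs no knowledge of the correct key."""
    return remaining_entropy_bits(scores) <= budget_bits


if __name__ == "__main__":
    for noise in (0.5, 1.0, 2.0):
        scores, correct = make_scores(noise=noise)
        lo, up = rank_bounds(scores, correct)
        print(f"noise={noise}: exact rank {exact_rank(scores, correct)}, "
              f"histogram bounds [{lo}, {up}], "
              f"entropy {remaining_entropy_bits(scores):.2f} bits, "
              f"enumerate with a 2^10 budget? {should_enumerate(scores, 10)}")
```

Running the script shows the exact rank always falling inside the histogram bounds, and the entropy shrinking as the noise drops; an evaluator would compare such a key-less estimate against the key-aware bounds to judge whether a stopping rule is trustworthy, which is exactly the gap the paper's question opens. On a real 128-bit key the brute-force `exact_rank` is of course unavailable and only the histogram bounds and the key-less estimate remain.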

Metadata

Available format(s): PDF
Publication info: Published elsewhere. CARDIS 2019
Keywords: side-channel attacks, key rank estimation, key enumeration
Contact author(s): melissa azouaoui @ outlook com, melissa azouaoui @ nxp com
History: 2019-11-19: received
Short URL: https://ia.cr/2019/1331
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/1331,
      author = {Melissa Azouaoui and Romain Poussier and François-Xavier Standaert and Vincent Verneuil},
      title = {Key Enumeration from the Adversarial Viewpoint: When to Stop Measuring and Start Enumerating?},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1331},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1331}},
      url = {https://eprint.iacr.org/2019/1331}
}