Skip to main content
Springer Nature Link
Log in

Key Enumeration from the Adversarial Viewpoint

When to Stop Measuring and Start Enumerating?

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11833))

  • 555 Accesses

Abstract

In this work, we formulate and investigate a pragmatic question related to practical side-channel attacks complemented with key enumeration. In a real attack scenario, after an attacker has extracted side-channel information, it is possible that despite the entropy of the key has been significantly reduced, she cannot yet achieve a direct key recovery. If the correct key lies within a sufficiently small set of most probable keys, it can then be recovered with a plaintext and the corresponding ciphertext, by performing enumeration. Our proposal relates to the following question: how does an attacker know when to stop acquiring side-channel observations and when to start enumerating with a given computational effort? Since key enumeration is an expensive (i.e. time-consuming) task, this is an important question from an adversarial viewpoint. To answer this question, we present an efficient (heuristic) way to perform key-less rank estimation, based on simple entropy estimations using histograms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The framework [5] is actually misleading in this respect as it suggests that the GE is the actual key rank while it is the average key rank. The keyed and key-less versions are equivalent in case the templates used in the key-less estimation are perfect so the difference between both definitions only lies in the knowledge of the key.

References

  1. Bernstein, D.J., Lange, T., van Vredendaal, C.: Tighter, faster, simpler side-channel security evaluations beyond computing power. IACR Cryptology ePrint Archive, 2015:221 (2015)

    Google Scholar 

  2. Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 310–327. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_19

    Chapter  MATH  Google Scholar 

  3. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

    Chapter  Google Scholar 

  4. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3

    Chapter  Google Scholar 

  5. Choudary, M.O., Popescu, P.G.: Back to Massey: impressively fast, scalable and tight security evaluation tools. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 367–386. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_18

    Chapter  Google Scholar 

  6. Glowacz, C., Grosso, V., Poussier, R., Schüth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 117–129. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_6

    Chapter  Google Scholar 

  7. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  8. Martin, D.P., Mather, L., Oswald, E., Stam, M.: Characterisation and estimation of the key rank distribution in the context of side channel evaluations. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 548–572. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_20

    Chapter  MATH  Google Scholar 

  9. Martin, D.P., O’Connell, J.F., Oswald, E., Stam, M.: Counting keys in parallel after a side channel attack. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 313–337. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_13

    Chapter  MATH  Google Scholar 

  10. Poussier, R., Standaert, F.-X., Grosso, V.: Simple key enumeration (and rank estimation) using histograms: an integrated approach. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 61–81. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_4

    Chapter  MATH  Google Scholar 

  11. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_3

    Chapter  Google Scholar 

  12. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_26

    Chapter  Google Scholar 

  13. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_25

    Chapter  Google Scholar 

  14. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_8

    Chapter  Google Scholar 

  15. Ye, X., Eisenbarth, T., Martin, W.: Bounded, yet sufficient? How to determine whether limited side channel information enables key recovery. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 215–232. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16763-3_13

    Chapter  Google Scholar 

Download references

Acknowledgement

François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research. This work has been funded in part by the European Commission through the H2020 project 731591 (acronym REASSURE) and by the ERC Consolidator Grant 724725 (acronym SWORD). The authors acknowledge the support from the ‘National Integrated Centre of Evaluation’ (NICE), a facility of Cyber Security Agency, Singapore (CSA).

Author information

Authors and Affiliations

  1. Université Catholique de Louvain, Louvain-la-Neuve, Belgium

    Melissa Azouaoui & François-Xavier Standaert

  2. NXP Semiconductors, Hamburg, Germany

    Melissa Azouaoui & Vincent Verneuil

  3. Temasek Laboratories, Nanyang Technological University, Singapore, Singapore

    Romain Poussier

Authors
  1. Melissa Azouaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Romain Poussier
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. François-Xavier Standaert
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vincent Verneuil
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Melissa Azouaoui .

Editor information

Editors and Affiliations

  1. CryptoExperts, Paris, France

    Sonia Belaïd

  2. Ruhr-Universität Bochum, Bochum, Germany

    Tim Güneysu

A Error Bounds on the Histogram Estimations

A Error Bounds on the Histogram Estimations

The bounds on the estimation of the entropy and the key-less guessing entropy using the Glowacz et al. full key distribution histogram and based on its quantization error are given by:

$$ \mathrm {H}\underline{~}\mathrm {upper}\underline{~}\mathrm {bound}= \sum \limits _{i = 1}^{N_p\cdot N_{\mathrm {bin}} -(N_p-1)} H(i).\exp (\mathsf {bin}(i + N_p)).\mathsf {bin}(i + N_p) $$
$$ \mathrm {H}\underline{~}\mathrm {lower}\underline{~}\mathrm {bound}= \sum \limits _{i = 1}^{N_p\cdot N_{\mathrm {bin}} -(N_p-1)} H(i).\exp (\mathsf {bin}(i - N_p)).\mathsf {bin}(i - N_p) $$
$$ \mathrm {GE}_{kl}\underline{~}\mathrm {upper}\underline{~}\mathrm {bound}= \sum \limits _{i = 1}^{N_p\cdot N_{\mathrm {bin}} -(N_p-1)} \left( \sum \limits _{j = i - N_p}^{N_p\cdot N_{\mathrm {bin}} -(N_p-1)} H(j) \right) . \exp ({\mathsf {bin}(i + N_p)}) $$
$$ \mathrm {GE}_{kl}\underline{~}\mathrm {lower}\underline{~}\mathrm {bound}= \sum \limits _{i = 1}^{N_p\cdot N_{\mathrm {bin}} -(N_p-1)} \left( \sum \limits _{j = i + N_p}^{N_p\cdot N_{\mathrm {bin}} -(N_p-1)} H(j) \right) . \exp ({\mathsf {bin}(i - N_p)}) $$

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Azouaoui, M., Poussier, R., Standaert, FX., Verneuil, V. (2020). Key Enumeration from the Adversarial Viewpoint. In: Belaïd, S., Güneysu, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2019. Lecture Notes in Computer Science(), vol 11833. Springer, Cham. https://doi.org/10.1007/978-3-030-42068-0_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-42068-0_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42067-3

  • Online ISBN: 978-3-030-42068-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy