Basics of Side-Channel Analysis
Classical cryptography considers attack scenarios in which adversaries get black-box access to a cryptosystem, namely to its inputs and outputs. For example, in a chosen-ciphertext attack, an adversary can submit ciphertexts of her choice to a decryption oracle and receives in return the corresponding plaintexts. In real life, however, an adversary may be more powerful. For example, an adversary may in addition monitor the execution of the cryptosystem under attack and collect some side-channel information, such as the execution time or the power consumption. The idea behind side-channel analysis is to infer some secret data from this extra information.
This chapter presents several applications of side-channel analysis using different types of side-channel leakage. The primary goal is to explain the basic principles of side-channel analysis through concrete examples. Simple countermeasures to prevent side-channel leakage are also discussed. More sophisticated methods and...
Keywords: Smart Card, Encryption Algorithm, Advanced Encryption Standard, Differential Power Analysis, Power Trace
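The abstract's core idea (execution time as extra information from which a secret is inferred, and a simple countermeasure that removes the leak) in miniature, as an added example that is not from the chapter. "Time" is modelled deterministically as the number of byte comparisons performed; the secret value, the oracle wrapper and the leakage check are constructed for this illustration.

```python
# Added example (not the chapter's code): a deterministic model of a timing side channel.
# Execution time is modelled as the number of byte comparisons a function performs; on real
# hardware the same quantity shows up as wall-clock time or as the length of a power trace.

DEMO_SECRET = bytes.fromhex("4a0f9c31")  # constructed sample secret (e.g. a MAC or PIN)


def early_exit_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Naive comparison: stops at the first mismatch. Returns (equal, work)."""
    work = 0
    for s, g in zip(secret, guess):
        work += 1
        if s != g:          # early exit: work now encodes the length of the matching prefix
            return False, work
    return len(secret) == len(guess), work


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Countermeasure: inspects every byte and folds differences with OR, so the work
    depends only on the lengths, never on where the first mismatch occurs."""
    diff = len(secret) ^ len(guess)
    work = 0
    for s, g in zip(secret, guess):
        work += 1
        diff |= s ^ g
    return diff == 0, work


def leaks_timing(compare, secret: bytes) -> bool:
    """Defender's check: does the side channel differ between a guess that is wrong in the
    first byte and one that is wrong only in the last byte? If so, the position of the
    mismatch is observable."""
    wrong_first = bytes([secret[0] ^ 0xFF]) + secret[1:]
    wrong_last = secret[:-1] + bytes([secret[-1] ^ 0xFF])
    return compare(secret, wrong_first)[1] != compare(secret, wrong_last)[1]


def make_oracle(compare, secret: bytes):
    """The adversary's view: only the accept/reject bit and the 'time', never the secret."""
    return lambda guess: compare(secret, guess)


def recover_byte_by_byte(oracle, length: int) -> bytes:
    """Side-channel analysis as the chapter describes it: per position, keep the candidate
    byte that made the oracle work longest (ties broken by the accept bit)."""
    found = b""
    for _ in range(length):
        def score(c: int) -> tuple[int, bool]:
            equal, work = oracle(found + bytes([c]) + bytes(length - len(found) - 1))
            return work, equal
        found += bytes([max(range(256), key=score)])
    return found
```

Against the early-exit comparison the recovery succeeds with 256 oracle queries per byte; against the constant-time version the work is identical for every candidate and the procedure learns nothing.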