Abstract
Quantifying the side channel security of implementations has been a significant research question for several years in academia but also among real world side channel practitioners. As part of security evaluations, efficient key rank estimation algorithms were devised, which in contrast to analyses based on subkey recovery, give a holistic picture of the security level after a side channel attack. However, it has been observed that outcomes of rank estimations show a huge spread in precisely the range of key ranks where enumeration could lead to key recovery. These observations raise the question whether this is because of insufficient rank estimation procedures, or, if this is an inherent property of the key rank. Furthermore, if this was inherent, how could key rank outcomes be translated into practically meaningful figures, suitable to analysing the risk that real world side channel attacks pose? This paper is a direct response to these questions. We experimentally identify the key rank distribution and show that it is independent of different distinguishers and signal-to-noise ratios. Then we offer a theoretical explanation for the observed key rank distribution and determine how many samples thereof are required for a robust estimation of some key parameters. We discuss how this can be naturally integrated into real world side channel evaluation practices. We conclude our research by connecting non-parametric order statistics, in particular percentiles, in a practically meaningful way with business goals.
Original language | English |
---|---|
Title of host publication | Advances in Cryptology - ASIACRYPT 2016 - 22nd International Conference on the Theory and Application of Cryptology and Information Security, Proceedings |
Editors | Jung Hee Cheon, Tsuyoshi Takagi |
Publisher | Springer Verlag |
Pages | 548-572 |
Number of pages | 25 |
ISBN (Print) | 9783662538869 |
DOIs | |
Publication status | Published - 2016 |
Event | 22nd International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2016 - Hanoi, Viet Nam Duration: 4 Dec 2016 → 8 Dec 2016 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 10031 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 22nd International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2016 |
---|---|
Country/Territory | Viet Nam |
City | Hanoi |
Period | 4/12/16 → 8/12/16 |
Bibliographical note
Funding Information:Dan Martin, Luke Mather, and Elisabeth Oswald were supported in part by EPSRC via the grants EP/I005226/1 and EP/N011635/1. This work was carried out using the computational facilities of the Advanced Computing Research Centre, University of Bristol http://www.bris.ac.uk/acrc/ .
Publisher Copyright:
© International Association for Cryptologic Research 2016.
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science