In this paper, we introduce a new approach to side-channel key recovery, that combines the low time/memory complexity and noise tolerance of standard (divide and conquer) differential power analysis with the optimal data complexity of algebraic side-channel attacks. Our fundamental contribution for this purpose is to change the way of expressing the problem, from the system of equations used in...

The wiretap channel put forward by Wyner for many years. In this paper, we consider the situation that the wiretapper can not only view the channel output via a second noisy channel, but also can get some side information about the codeword that transmitted in the main noisy channel. The designer tries to build the encoder-decoder in such a way as to maximize the transmission rate R, and the eq...

Side channel collision attacks are a powerful method to exploit side channel leakage. Otherwise than a few exceptions, collision attacks usually combine leakage from distinct points in time, making them inherently bivariate. This work introduces the notion of near collisions to exploit the fact that values depending on the same sub-key can have similar while not identical leakage. We show how s...

More and more embedded devices store sensitive information that is protected by means of cryptography. The confidentiality of this data is threatened by information leakage via side channels like the power consumption or the electromagnetic radiation. In this paper, we show that the side-channel leakage in the power consumption is not limited to the power-supply lines and that any input/output ...

Side-channel attacks are an important concern for the security of cryptographic implementations and their fair evaluation is a challenge for the certification of cryptographic products. In this survey, I will tackle the question of the best methods and tools for the objective evaluation of leaking devices, and discuss their limitations. For this purpose, I will first attempt to define a side-ch...

Side-channel cryptanalysis is a new research area in applied cryptography that has gained more and more interest since the midnineties. It considers adversaries trying to take advantage of the physical specificities of actual cryptographic devices. These implementationspecific attacks frequently turn out to be much more efficient than the best known cryptanalytic attacks against the underlying ...

Side-channel attacks are a powerful tool to discover the cryptographic secrets of a chip or other device but only too often do they require too many traces or leave too many possible keys to explore. In this paper we show that for side channel attacks on discrete-logarithmbased systems significantly more unknown bits can be handled by using Pollard’s kangaroo method: if b bits are unknown then ...

One prominent countermeasure against side-channel attacks, especially differential power analysis (DPA), is fresh re-keying. In such schemes, the so-called re-keying function takes the burden of protecting a cryptographic primitive against DPA. To ensure the security of the scheme against side-channel analysis, the re-keying function has to withstand both simple power analysis (SPA) and differe...

Classical cryptography considers attack scenarios of adversaries getting black-box access to a cryptosystem, namely to its inputs and outputs. For example, in a chosenciphertext attack, an adversary can submit ciphertexts of her choice to a decryption oracle and receives in return the corresponding plaintexts. In real life, however, an adversary may be more powerful. For example, an adversary m...

We present results of a systematic investigation of leakage of compromising information via electromagnetic (EM) emanations from CMOS devices. These emanations are shown to consist of a multiplicity of signals, each leaking somewhat different information about the underlying computation. We show that not only can EM emanations be used to attack cryptographic devices where the power side–channel...