Efficiency considerations in using semi-random sources
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
The Design of Rijndael
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
A Leakage-Resilient Mode of Operation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A stochastic model for differential side channel cryptanalysis
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
An AES smart card implementation resistant to power analysis attacks
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Practical leakage-resilient pseudorandom generators
Proceedings of the 17th ACM conference on Computer and communications security
Extractors against side-channel attacks: weak or strong?
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Towards super-exponential side-channel security with efficient leakage-resilient PRFs
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Practical leakage-resilient pseudorandom objects with minimum public randomness
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
This paper discusses the security of a leakage-resilient stream cipher presented at FOCS 2008, instantiated in a practical setting. Based on a case study, we put forward implementation weaknesses that can be exploited in a key-recovery attack. We first show that in our experimental context (8-bit device, Hamming weight leakages, Gaussian noise), a successful attack against the investigated stream cipher has lower data complexity than a similar attack against an unprotected AES implementation. We then analyze the origin of the observed weaknesses and relate them with the implementation of extractor that is used in the investigated stream cipher. We finally discuss the implications of these results for the design of leakage-resilient primitives and provide guidelines to improve the construction of FOCS 2008 and its underlying components.