Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [side-channel-attack]

attacks using information leaked by implementations of cryptographic algorithms to obtain information about keys or (plaintext) data, instead of (or additional to) using cryptographic weaknesses.

Examples include measuring timing, power consumption, electromagnetic radiation or sound, while an implementation performs the algorithm.

Social engineering (e.g. convincing people with legitimate knowledge of the secrets to share them) is not considered a side channel attack (and off topic on crypto.stackexchange.com).

220 questions
10
votes
2 answers

Information-theoretic bound on leakage by timing measurement

I'm looking for an information-theoretic bound on leakage by timing measurement. I'm assuming that an attacker wants to leak out of a black box a secret key of $k$ bits that is secretly injected into the black box; has written the black box's code…
fgrieu
  • 140,762
  • 12
  • 307
  • 587
8
votes
3 answers

Are there any symptoms of a side channel attack on the target chip?

I would like to know if there are some symptoms that let me detect if my integrated circuit is actually subject to a side channel attack. For example, are the following potential indicators? Energy consumption becomes too high Temperature becomes…
user6652926
  • 183
  • 1
  • 7
4
votes
1 answer

Have crypto side-channel attacks happened in the wild?

I'm aware of attacks extracting information via timing and volume. But none that care or attack the actual cryptographic algorithm implementation or end up extracting the key. Seeking examples if any for such attacks which happened outside the lab,…
Meir Maor
  • 11,835
  • 1
  • 23
  • 54
4
votes
2 answers

Montgomery Powering Ladder and Side Channel Attacks: Is it practically (im-)possible to analyze where intermediate values are stored?

The Montgomery Powering Ladder performs an exponentiation with the operations square and multiply (called double and add in the case of elliptic curves). To my knowledge the order and kind of operations involved are independent from the exponent,…
maya
  • 139
  • 5
4
votes
2 answers

Power analysis and exponentiation by squaring

I am trying to understand how one can retrieve the secret exponent via a simple power analysis. Lets suppose that the exponentiation by squaring algorithm is implemented in its simplest form : Function exp-by-squaring(x,n) if n<0 then return…
Mael
  • 41
  • 1
4
votes
1 answer

How did the power measurements translate to AES Key?

A side channel attack is described here. I did not quite get , how the power measurements are used to get the decryption key , can any body explain it?
sashank
  • 6,174
  • 4
  • 32
  • 67
3
votes
1 answer

Correlation Power Analysis on AES - possible attack models

As far as I know it is possible to extract the key or key parts using side channel power analysis attack on AES, but we need some strong attacker model in order to do that. The first attack I know about is attacking the first AES round, comparing…
user100099
  • 31
  • 2
3
votes
0 answers

Neural networks in Differential Power Analysis?

I am trying to understand how neural networks are used to do DPA, but I am having trouble understand DPA. My current understanding is that with DPA, we are just guessing one piece of a key at a time, and DPA tells us if our guess is correct or…
Aux
  • 31
  • 2
3
votes
1 answer

What could be the side-channel attacks countermeasures other than secure memory overwriting?

I'm seeking guidance on mitigating side-channel attacks in a cryptographic application where securely overwriting memory with zeros after use may not always be feasible. While I understand the importance of this practice in preventing memory…
Hern
  • 159
  • 1
  • 10
2
votes
1 answer

Role of AND operation in Side Channel Security

I was going through a side channel protection. It seems in the 3-shares (Appendix A) or 4-shares (Appendix B) has some computations that grows with the number of AND operations. My question: Is there any standard metric by which I can measure the…
hola
  • 603
  • 6
  • 22
2
votes
0 answers

Side Channel Attack Evaluation Methods

I am studying the SCA Evaluation method success rate, and I have a doubt regarding to it. From my understanding, to calculate success rate, first we have a pool of traces all using same key and random inputs (let's say 10000 traces). The success…
Fangtastic
  • 21
  • 3
2
votes
1 answer

Timing Side Channel on error-correcting code

This question may be a basic question but it is not clear to me at the moment. I have an Error Correcting Code (ECC) in a key-encapsulation scheme designed for post-quantum cryptography which operates on secret data. The ECC I am using is constant…
jonnyx
  • 123
  • 3
2
votes
0 answers

Side-channel attacks for ARM conditional instructions

I'm implementing some cryptographic functions on an ARM Cortex-M4 and would like to be safe against side-channel attacks, like power and timing attacks. For efficiency I'd like to use conditional versions of common single-cycle instructions such as…
Emil
  • 133
  • 4
2
votes
1 answer

why sbox input XOR sbox output can be sensitive data of side channel attack?

As several intermediate values are used as sentive data for side channel analysis (DPA), I don't understand why sbox input ^ sbox output is also wide-used and effective. This value does not applied in AES algorithm.
ramenpeddler
  • 21
  • 1
1
vote
1 answer

Could affine transformation mod 2^128 be a side-channel attack problem

DFC cipher uses affine transformations mod $2^{64}+13$. Soon after DFC's publication, Ian Harvey raised the concern that reduction modulo a 65-bit number was beyond the native capabilities of most platforms, and that careful implementation would be…
Tom
  • 1,221
  • 6
  • 16
1
2