A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks

Liron David, Avishai Wool*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

24 Scopus citations

Abstract

Enumeration of cryptographic keys in order of likelihood based on side-channel leakages is of significant importance in cryptanalysis. The best optimal-order key enumeration algorithms have a huge space complexity of Ω(n^(d/2)) when there are d subkeys and n candidate values per subkey. In this paper, we present a parallelizable algorithm that enumerates the keys in near-optimal order but enjoys a much better space complexity of O(d^2·w + d·n) for a design parameter w which can be tuned to the available RAM. Before presenting our algorithm, we provide lower and upper bounds on the guessing entropy of the full key in terms of the easy-to-compute guessing entropies of the individual subkeys. We use these results to quantify the near-optimality of our algorithm's ranking, and to bound its guessing entropy. Finally, we evaluate our algorithm through extensive simulations, to show the advantages of our new algorithm in practice, on realistic SCA scenarios. We show that our algorithm continues its near-optimal-order enumeration far beyond the rank at which the optimal algorithm fails due to insufficient memory.
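The quantities the abstract refers to (per-subkey guessing entropy, optimal-order enumeration of the full key, the rank of the true key and the full-key guessing entropy) are illustrated by the following added example. It is not code from the paper and does not implement the authors' bounded-space algorithm: the enumerator below is the plain best-first search over the subkey index lattice, which produces the exact optimal order but whose heap and visited set grow with the number of keys emitted, i.e. it has precisely the memory problem the paper addresses. The probability vectors SUBKEY_PROBS are constructed toy values (d = 3, n = 4), not data from the paper.

```python
import heapq

# Constructed toy instance (made-up numbers, not data from the paper):
# d = 3 subkeys, n = 4 candidate values each. Each row is the side-channel
# posterior over one subkey, already sorted in decreasing order, so index 0
# is the attacker's best guess for that subkey.
SUBKEY_PROBS = [
    [0.50, 0.30, 0.15, 0.05],
    [0.40, 0.40, 0.10, 0.10],
    [0.70, 0.10, 0.10, 0.10],
]


def guessing_entropy(probs):
    """Expected 1-indexed rank of the correct value when candidates are tried
    in decreasing-probability order and the correct value is itself
    distributed according to `probs`."""
    ordered = sorted(probs, reverse=True)
    return sum(rank * p for rank, p in enumerate(ordered, start=1))


def key_prob(subkey_probs, key):
    """Probability of a full key as the product of its subkey probabilities
    (subkeys are treated as independent, the usual divide-and-conquer model)."""
    p = 1.0
    for i, k in enumerate(key):
        p *= subkey_probs[i][k]
    return p


def enumerate_keys_optimal(subkey_probs):
    """Yield (probability, key) for every full key in non-increasing
    probability order.

    Best-first search over the d-dimensional index lattice: a successor of a
    key (one subkey index incremented) never has higher probability than its
    parent because each row is sorted, so the heap maximum is always the next
    key in optimal order. Ties are broken lexicographically on the index
    tuple. This is the textbook approach, not the paper's algorithm: `heap`
    and `seen` grow with the number of keys emitted.
    """
    d = len(subkey_probs)
    n = len(subkey_probs[0])
    start = (0,) * d
    heap = [(-key_prob(subkey_probs, start), start)]
    seen = {start}
    while heap:
        neg_p, key = heapq.heappop(heap)
        yield -neg_p, key
        for i in range(d):
            if key[i] + 1 < n:
                succ = key[:i] + (key[i] + 1,) + key[i + 1:]
                if succ not in seen:
                    seen.add(succ)
                    heapq.heappush(heap, (-key_prob(subkey_probs, succ), succ))


def key_rank(subkey_probs, true_key):
    """1-indexed position of `true_key` in the optimal enumeration order,
    i.e. how many keys an optimal-order attacker tries before success."""
    for rank, (_, key) in enumerate(enumerate_keys_optimal(subkey_probs), 1):
        if key == true_key:
            return rank
    raise ValueError("key not in candidate space")


def full_key_guessing_entropy(subkey_probs):
    """Expected rank of the true full key under the optimal order, with the
    true key distributed as the product of the subkey posteriors."""
    return sum(rank * p for rank, (p, _) in
               enumerate(enumerate_keys_optimal(subkey_probs), 1))


if __name__ == "__main__":
    for i, row in enumerate(SUBKEY_PROBS):
        print(f"subkey {i}: guessing entropy = {guessing_entropy(row):.3f}")
    print(f"full key: guessing entropy = "
          f"{full_key_guessing_entropy(SUBKEY_PROBS):.3f}")
    print("rank of true key (1, 2, 0):", key_rank(SUBKEY_PROBS, (1, 2, 0)))
```

One elementary sanity check that holds for this enumerator (and is not one of the paper's bounds): every full key that differs from the true key only by a better-ranked value of subkey i is enumerated before it, so the full-key rank is at least the rank of each individual subkey, and the full-key guessing entropy is at least the largest subkey guessing entropy. For a real attack with d = 16 AES subkeys and n = 256, `seen` alone would exceed any RAM long before the enumeration reaches a deep rank, which is the regime the bounded-space algorithm is designed for.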

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 311-327
Number of pages: 17
DOIs
State: Published - 1 Jan 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10159
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349
