Rank estimation with bounded error via exponential sampling

Liron David*, Avishai Wool

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Efficient rank estimation algorithms are of prime interest in security evaluation against side channel attacks (SCA) and recently also for password strength estimators. In a side channel setting it allows estimating the remaining security after an attack has been performed, quantified as the time complexity and the memory consumption required to brute force the key given the leakages as probability distributions over d subkeys (usually key bytes). In password strength estimators the rank estimation allows estimating how many attempts a password cracker would need until it finds a given password. We propose ESrank, the first rank estimation algorithm with a bounded error ratio: its error ratio is bounded by γ2d-2, for any probability distribution, where d is the number of subkey dimensions and γ> 1 can be chosen according to the desired accuracy. ESrank is also the first rank estimation algorithm that enjoys provable poly-logarithmic time and space complexity. Our main idea is to use exponential sampling to drastically reduce the algorithm’s complexity. We evaluated the performance of ESrank on real SCA and password strength corpora. We show ESrank gives excellent rank estimation with roughly a 1-bit margin between lower and upper bounds in less than 1 second on the SCA corpus and 4 seconds preprocessing time and 7μsec lookup time on the password strength corpus.

Original languageEnglish
Pages (from-to)151-168
Number of pages18
JournalJournal of Cryptographic Engineering
Issue number2
StatePublished - Jun 2022


  • Password strength estimation
  • Rank estimation, Key enumeration
  • Side channel


Dive into the research topics of 'Rank estimation with bounded error via exponential sampling'. Together they form a unique fingerprint.

Cite this