Learn More
The ability to make meaningful comparisons between side-channel distinguishers is important both to attackers seeking an optimal strategy and to designers wishing to secure a device against the strongest possible threat. The usual experimental approach requires the distinguishing vectors to be estimated: outcomes do not fully represent the inherent(More)
The literature on side-channel analysis describes numerous masking schemes designed to protect block ciphers at the implementation level. Such masking schemes typically require the computation of masked tables prior to the execution of an encryption function. In this paper we revisit an attack which directly exploits this computation in such a way as to(More)
Side-channel attacks using only a single trace crucially rely on the capability of reliably extracting side-channel information (e.g. Hamming weights of intermediate target values) from traces. In particular, in original versions of simple power analysis (SPA) or algebraic side channel attacks (ASCA) it was assumed that an adversary can correctly extract(More)
The resistance of cryptographic implementations to side channel analysis is matter of considerable interest to those concerned with information security. It is particularly desirable to identify the attack methodology (e.g. dierential power analysis using correlation or distance-of-means as the distinguisher) able to produce the best results. Attempts to(More)
A generic DPA strategy is one which is able to recover secret information from physically observable device leakage without any a priori knowledge about the device's leakage characteristics. Here we provide much-needed clarication on results emerging from the existing literature, demonstrating precisely that such methods (strictly dened) are inherently(More)
Performance targets are commonly used in the public sector, despite their well known problems when organisations have multiple objectives and performance is difficult to measure. It is possible that such targets may work where there is considerable consensus that performance needs to be improved. We investigate this possibility by examining the response of(More)
A theme of recent side-channel research has been the quest for distinguishers which remain eective even when few assumptions can be made about the underlying distribution of the measured leakage traces. The Kolmogorov-Smirnov (KS) test is a well known non-parametric method for distinguishing between distributions, and, as such, a perfect candidate and an(More)
A theme of recent side-channel research has been the quest for distinguishers which remain eective even when few assumptions can be made about the underlying distribution of the measured leakage traces. The Kolmogorov-Smirnov (KS) test is a well known non-parametric method for distinguishing between distributions, and, as such, a perfect candidate and an(More)
Project co-funded by the European Commission within the 7th Framework Programme Dissemination Level PU Public X PP Restricted to other programme participants (including the Commission services) RE Restricted to a group specied by the consortium (including the Commission services) CO Condential, only for members of the consortium (including the Commission(More)
Following the pioneering CRYPTO '99 paper by Kocher et al. differential power analysis (DPA) was initially geared around low-cost computations performed using standard desktop equipment with minimal reliance on device-specific assumptions. In subsequent years, the scope was broadened by, e.g., making explicit use of (approximate) power models. An important(More)