How Leaky Is an Extractor?

13 years 1 months ago
How Leaky Is an Extractor?
This paper discusses the security of a leakage-resilient stream cipher presented at FOCS 2008, instantiated in a practical setting. Based on a case study, we put forward implementation weaknesses that can be exploited in a key-recovery attack. We first show that in our experimental context (8-bit device, Hamming weight leakages, Gaussian noise), a successful attack against the investigated stream cipher has lower data complexity than a similar attack against an unprotected AES implementation. We then analyze the origin of the observed weaknesses and relate them with the implementation of extractor that is used in the investigated stream cipher. We finally discuss the implications of these results for the design of leakage-resilient primitives and provide guidelines to improve the construction of FOCS 2008 and its underlying components.
François-Xavier Standaert
Added 29 Jan 2011
Updated 29 Jan 2011
Type Journal
Year 2010
Authors François-Xavier Standaert
Comments (0)