Skip to main content
SpringerLink
Log in

Rank estimation with bounded error via exponential sampling

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Efficient rank estimation algorithms are of prime interest in security evaluation against side channel attacks (SCA) and recently also for password strength estimators. In a side channel setting it allows estimating the remaining security after an attack has been performed, quantified as the time complexity and the memory consumption required to brute force the key given the leakages as probability distributions over d subkeys (usually key bytes). In password strength estimators the rank estimation allows estimating how many attempts a password cracker would need until it finds a given password. We propose ESrank, the first rank estimation algorithm with a bounded error ratio: its error ratio is bounded by \(\gamma ^{2d-2}\), for any probability distribution, where d is the number of subkey dimensions and \(\gamma >1\) can be chosen according to the desired accuracy. ESrank is also the first rank estimation algorithm that enjoys provable poly-logarithmic time and space complexity. Our main idea is to use exponential sampling to drastically reduce the algorithm’s complexity. We evaluated the performance of ESrank on real SCA and password strength corpora. We show ESrank gives excellent rank estimation with roughly a 1-bit margin between lower and upper bounds in less than 1 second on the SCA corpus and 4 seconds preprocessing time and 7\(\mu \)sec lookup time on the password strength corpus.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. FIPS PUB 197, advanced encryption standard (AES).: U.S. Department of Commerce/National Institute of Standards and Technology (NIST) (2001)

  2. Agrawal, D., Archambeault, B., Rao, J., Rohatgi, P.: The EM side-channel(s). Cryptogr. Hardw. Embedded Syst.-CHES 2003, 29–45 (2002)

    MATH  Google Scholar 

  3. Bentley, J.L., Yao, A.C.-C.: An almost optimal algorithm for unbounded searching. Inf. Process. Lett. 5(3), 82–87 (1976)

    Article  MathSciNet  Google Scholar 

  4. Bernstein, D.J., Lange, T., van Vredendaal, C.: Tighter, faster, simpler side-channel security evaluations beyond computing power. IACR Cryptolo. ePrint Arch. 2015, 221 (2015)

    Google Scholar 

  5. Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. In: Selected Areas in Cryptography (SAC) (2015)

  6. Choudary, M.O., Popescu, P.: Back to massey: impressively fast, scalable and tight security evaluation tools. In: International Conference on Cryptographic Hardware and Embedded Systems, Springer, pp. 367–386 (2017)

  7. David, L., Wool, A.: A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks. In: Proc. RSA Conference Cryptographers’ Track (CT-RSA’17), LNCS 10159 (San Francisco), Springer Verlag, pp. 311–327 (2017)

  8. David, L., Wool, A.: ESrank Matlab implementation (2019). https://github.com/lirondavid/ESrank

  9. David, L., Wool, A.: Online password guessability via multi-dimensional rank estimation. arXiv:1912.02551

  10. David, L., Wool, A.: An explainable online password strength estimator. In: Proceedings of 26th European Symposium on Research in Computer Security (ESORICS) (Darmstadt, Germany). October 2021

  11. Dell’Amico, M., Filippone, M.: Monte carlo strength evaluation: fast and reliable password checking. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, ACM, pp. 158–169 (2015)

  12. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp. 401–429 (2015)

  13. Fledel, D., Wool, A.: Sliding-window correlation attacks against encryption devices with an unstable clock. In: Proceedings of 25th Conference on Selected Areas in Cryptography (SAC) (Calgary, Aug. 2018)

  14. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Cryptographic Hardware and Embedded Systems—CHES 2001, Springer, pp. 251–261 (2001)

  15. Glowacz, C., Grosso, V., Poussier, R., Schueth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. Fast Softw. Encryp. 117–129,(2015)

  16. Grosso, V.: Scalable key rank estimation (and key enumeration) algorithm for large keys. In: International Conference on Smart Card Research and Advanced Applications, Springer, pp. 80–94 (2018)

  17. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology—CRYPTO’99, Springer, pp. 388–397 (1999)

  18. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in Cryptology—CRYPTO’96, pp. 104–113 (1996)

  19. Li, Y., Meng, X., Wang, S., Wang, J.: Weighted key enumeration for em-based side-channel attacks. In: 2018 IEEE International Symposium on Electromagnetic Compatibility and 2018 IEEE Asia-Pacific Symposium on Electromagnetic Compatibility (EMC/APEMC) IEEE, pp. 749–752 (2018)

  20. Li, Y., Wang, S., Wang, Z., Wang, J.: A strict key enumeration algorithm for dependent score lists of side-channel attacks. In: International Conference on Smart Card Research and Advanced Applications, Springer, pp. 51–69 (2017)

  21. Longo, J., Martin, D.P., Mather, L., Oswald, E., Sach, B., Stam, M.: How low can you go? using side-channel data to enhance brute-force key recovery. IACR Cryptol. ePrint Arch. 2016, 609 (2016)

    Google Scholar 

  22. Martin, D.P., Mather, L., Oswald, E.: Two sides of the same coin: counting and enumerating keys post side-channel attacks revisited. In: Cryptographers’ Track at the RSA Conference, Springer, pp. 394–412 (2018)

  23. Martin, D.P., Mather, L., Oswald, E., Stam, M.: Characterisation and estimation of the key rank distribution in the context of side channel evaluations. In: International Conference on the Theory and Application of Cryptology and Information Security, Springer, pp. 548–572 (2016)

  24. Martin, D.P., O’Connell, J.F., Oswald, E., Stam, M.: Counting keys in parallel after a side channel attack. In: Advances in Cryptology–ASIACRYPT 2015. Springer, pp. 313–337 (2015)

  25. Pan, J., Van Woudenberg, J.G., Den Hartog, J.I., Witteman, M.F.: Improving dpa by peak distribution analysis. In: International Workshop on Selected Areas in Cryptography Springer, pp. 241–261 (2010)

  26. Poussier, R.: Key Enumeration, Rank Estimation and Horizontal Side-Channel Attacks. PhD thesis, ICTEAM Institute, (2017)

  27. Poussier, R., Grosso, V., Standaert, F.-X.: Comparing approaches to rank estimation for side-channel security evaluations. In: International Conference on Smart Card Research and Advanced Applications (CARDIS), Springer, pp. 125–142 (2015)

  28. Poussier, R., Standaert, F.-X., Grosso, V.: Simple key enumeration (and rank estimation) using histograms: an integrated approach. In: Proceedings of 18th Cryptographic Hardware and Embedded Systems–CHES 2016. Springer, pp. 61–81 (2016)

  29. Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Smart Card Programming and Security. Springer, pp. 200–210 (2001)

  30. Shepherd, D.: Quantum key search with side channel advice. In: Selected Areas in Cryptography–SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16–18, 2017, Revised Selected Papers, vol. 10719, Springer, p. 407 (2018)

  31. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: International Conference on Selected Areas in Cryptography, Springer, pp. 390–406 (2012)

  32. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Advances in Cryptology—EUROCRYPT 2013. Springer, pp. 126–141 (2013)

  33. Wang, S., Li, Y., Wang, J.: A new key rank estimation method to investigate dependent key lists of side channel attacks. In: 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), IEEE, pp. 19–24 (2017)

  34. Ye, X., Eisenbarth, T., Martin, W.: Bounded, yet sufficient? how to determine whether limited side channel information enables key recovery. In: Smart Card Research and Advanced Applications (CARDIS). pp. 215–232 (2014)

Download references

Author information

Authors and Affiliations

  1. School of Electrical Engineering, Tel Aviv University, Ramat Aviv, 69978, Israel

    Liron David & Avishai Wool

Authors
  1. Liron David
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Avishai Wool
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Liron David.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

A preliminary version of this paper appeared in the proceeding of the CT-RSA 2019 conference.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

David, L., Wool, A. Rank estimation with bounded error via exponential sampling. J Cryptogr Eng 12, 151–168 (2022). https://doi.org/10.1007/s13389-021-00269-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-021-00269-4

Keywords

Search

Navigation