Questions tagged as ['side-channel-attack']

Attacks using information leaked by implementations of cryptographic algorithms to obtain information about keys or (plaintext) data, instead of (or in addition to) exploiting cryptographic weaknesses.
Score: 1
Is it okay to avoid a plaintext IV in AES?

The scenario

Using AES 256 with CBC mode. (Authentication is done separately. Ignored here.)

The goal (explained more later)

To avoid sending an unencrypted IV.

But since this is being done using .NET whose function forces us to use an IV, we can't just prepend 16 random bytes and then toss away the first 16 bytes after decryption.

The plan

Prepend 16 random bytes ("IV1"), and besides that use 16 b ...

Score: 2
Asked by NB_1907
What is a reaction attack?

In the paper "Reaction Attacks against Several Public-Key Cryptosystems" (CiteSeerX link), a reaction attack is defined informally as "Obtaining information about the private key or plaintext by watching the reaction of someone decrypting a given ciphertext with the private key."

Is a reaction attack explicitly defined in the literature? What is the difference between a fault attack and a reaction attack -as defin ...

Score: 5
Asked by NB_1907
Post-quantum algorithms and side channel attacks

I am studying the finalist algorithms of the NIST Post-Quantum Cryptography Standardization process. I noticed that almost all third-party cryptanalysis papers consist of side-channel attacks. Why are classical cryptanalysis methods -algebraic, mathematical attacks etc.- more effective on classical algorithms than on post-quantum algorithms?

In addition, I know that mathematical problems behind post-quantum algorit ...

Score: 2
Asked by Evgeni Vaknin
Threshold implementation of ciphers

What is the principle behind threshold implementations of block ciphers, and how does this protect against side channel attacks?

Score: 3
Asked by Hanno
Protecting AES via Shamir Secret Sharing

This is about the paper "Protecting AES with Shamir's Secret Sharing Scheme" by Louis Goubin and Ange Martinelli, which describes how to use Shamir Secret Sharing to obtain masked implementations of AES.

The end of section 3.1 suggests that the $\text{GF}(2)$-affine transformation $A$ involved in the definition of the AES S-Box is compatible with SSS in the sense that if $(x_i,y_i)$ is an SSS sharing of

Score: 1
Asked by caveman
How is the Argon2d side channel attack performed?

How should the adversary behave in order to perform a successful side channel attack against Argon2d?

I'm trying to understand the scenario that Argon2i tries to resist against.

Score: 1
Asked by DannyNiu
What are the security implications of RSA decryption of ciphertext >= modulus?

While reading through the sections about decryption in PKCS#1 v2.2, I noticed that the decryption algorithms are required to output the failure symbol "decryption error" when the RSA math subroutine reports that the ciphertext representative is out of range.

While the notes on security considerations say that padding removal should be a "poker-face" process, they don't say anything about the ciphertext being out of the decipherabl ...

Score: 2
Randomization of ECDSA signing operations to prevent SCA

A large number of SCA papers that talk about ECDSA mention the need for blinding/randomisation of the signing process, typically with a single-sentence comment about replacing the projective coordinates $(X, Y, Z)$ with randomised ones $(\lambda^2 X, \lambda^3 Y, \lambda Z)$ and declaring the problem solved, but nothing really seems to provide any detail of what specific steps are required. In particular, looking at ...

Score: 1
Asked by Hormoz
How feasible is it to guess the private key of libsodium by taking into account generation time?

So suppose you are doing this locally (so no network noise) and know the exact specifics of your processor too. Is it feasible to figure out the private key generated by libsodium (while having access to the public key) based on the time it takes to generate a key pair?

What about other algorithms? How feasible is this in general?