Defend encryption systems against side-channel attacks

Pankaj Rohatgi, Technical Director, Cryptography Research Division, Rambus
EDN (March 16, 2015)

From its ancient origin as a tool for protecting sensitive wartime or espionage-related messages, cryptography has become a foundational building-block for securing the systems, protocols, and infrastructure that underpin our modern interconnected world. But the physical mechanisms used in performing encryption and decryption can leak information, making it possible to bypass this security. Protecting designs against such side-channel attacks starts with understanding how such attacks operate.

At its very essence, cryptography is a branch of mathematics dealing with efficiently computable transforms that convert inputs to outputs using additional data known as a cryptographic key. These transforms have the property that, despite observing many input/output pairs, it remains infeasible to compute or invert the transform without the knowledge of the key.

An example of a cryptographic transformation is the symmetric-key based Advanced Encryption Standard (AES-256). An AES-256 encryption device that has access to a 256-bit secret cryptographic key, can transform any sensitive message - known as plaintext - into an unintelligible form known as the ciphertext. Anyone observing the ciphertext, without knowing the plaintext or the key, cannot recover the plaintext or the key. Further, even an observer who knows or can choose the plaintext and can observe the corresponding ciphertext can still not recover the secret key being using within the encryption device. However, any AES decryption device that has access to the same 256-bit secret key as the encrypting device, can readily recover the plaintext from the ciphertext.

Click here to read more ...