@MISC{Bonneau10side-channelcryptanalysis,
    author = {Joseph Bonneau},
    title = {Side-Channel Cryptanalysis Lecture notes and suggested reading},
    year = {2010}
}
Abstract
Most cryptosystems are designed and evaluated at a mathematical level. Attackers, however, will always target the physical realisation of a system, which is much more complicated (see [14] for discussion of this disconnect). Real-world electronic implementations of ciphers will usually leak additional information to attackers in the form of side-channels such as timing, power consumption, electromagnetic radiation, heat, noise, and more. In many cases, an attacker can combine side-channel information with the observed input and/or output of a cryptographic algorithm to recover secret information.

It is important to draw a distinction between side-channel cryptanalysis and related physical attacks. Compromising emanation attacks, or tempest attacks, utilise electromagnetic emanations from computers to recover secret data, for example using electromagnetic radiation from a computer screen to recover the text being displayed [11] (for a survey, see chapter 17 of [1]). Tempest attacks target secret information directly, completely bypassing the cryptographic keys. Invasive or semi-invasive attacks, in contrast, involve physical manipulation of a target system to extract secret information, for example by unpackaging a chip and reading secret data stored in its memory using a micro-probe or a microscope (see [4, 2] for a survey of physical attacks and defences). In contrast, side-channel attacks present a unique challenge in that an attacker gains some additional