公开(公告)号：US20200313845A1

公开(公告)日：2020-10-01

申请号：US16089304

申请日：2017-03-28

Applicant: INSTITUT MINES-TELECOM

Inventor： Olivier RIOUL ,  Sylvain GUILLEY

IPC: H04L9/00 ,  H04L9/06

Abstract: A secret key estimation device is provided for determining an estimate of at least one secret key used during a number of executions of a cryptographic function used by at least one cryptographic algorithm. The number of executions of the cryptographic function is at least equal to two. The secret key estimation device comprises an analysis unit for determining a plurality of sets of leakage traces from a side-channel information acquired during the number of executions of the cryptographic function. Each set of leakage traces corresponds to an execution of the cryptographic function and comprising at least one leakage trace. The secret key estimation device further comprises a processing unit configured to determine a statistical distribution of the acquired plurality of sets of leakage traces. The statistical distribution is dependent on a leakage function, the leakage function being represented in a basis of functions by a set of real values. The secret key estimation device is configured to determine the secret key from the statistical distribution of the plurality of sets of leakage traces using an estimation algorithm according to the maximization of a performance metric.

公开(公告)号：US20180365195A1

公开(公告)日：2018-12-20

申请号：US16060947

申请日：2016-12-08

Applicant: INSTITUT MINES-TELECOM

Inventor： Olivier RIOUL ,  Sylvain GUILLEY

IPC: G06F17/18 ,  G06N7/00 ,  G06F17/16 ,  G06F21/55 ,  H04L9/36

Abstract: A secret value estimation device is provided for determining an estimate of at least one secret value used by at least one cryptographic mechanism implemented in a cryptographic system from a statistical distribution of a set of multivariate leakage traces determined by a leakage traces statistical distribution unit. Each leakage trace being a vector comprises a plurality of random values, the number of said random values being an integer number superior or equal to 1, the statistical distribution being a function of parametric linear combinations of a set of leakage model basis vectors representing a multivariate leakage model, the number of basis vectors being an integer number superior or equal to 1, and the linear combinations being defined by a matrix of real values.

公开(公告)号：US20170270307A1

公开(公告)日：2017-09-21

申请号：US15529048

申请日：2014-11-25

Applicant: INSTITUT MINES-TELECOM

Inventor： Sylvain GUILLEY ,  Annelie HEUSER ,  Olivier RIOUL

IPC: G06F21/60 ,  H04L9/06 ,  G06F21/72 ,  G06F21/55

CPC classification number: G06F21/602 ,  G06F21/556 ,  G06F21/72 ,  H04L9/002 ,  H04L9/0618 ,  H04L2209/12

Abstract: A method for recovering secret data of a cryptographic device comprises: a) determining stochastic models of leakages relating respective measurable quantities to internal states or operations of the cryptographic device, the number of greater than the number of masks used by the cryptographic device to conceal the secret data; b) sending command sequences to the device, where each command sequence causes the device to perform a cryptographic operation on at least one respective plaintext using the secret data and the masks; c) during processing of each cryptographic operation, recording a series of measurements of measurable quantities; and d) computing an estimator of secret data by maximizing the conditional joint probability of the recorded measurements given the corresponding plaintexts, averaged over all possible values of the masks. A method for evaluating the security of a cryptographic device is provided.