Secure communication of sensitive information between electronic devices over unsecured channels has become commonplace with the development of methods to encrypt and decrypt such sensitive information. Two broad categories of these encryption techniques are symmetric and asymmetric encryption, both of which are widely used today. Symmetric encryption involves the use of a secret key known by both a transmitter and receiver of sensitive information. Using the same secret key, the transmitter can encrypt the data and the receiver can decrypt the data upon receipt. One often-utilized example of symmetric encryption is the Advanced Encryption Standard (AES), which uses a series of key-specific processing steps to transform an input message into an encrypted message and a series of corresponding decryption steps to retrieve the original message at the receiver.
Asymmetric encryption, on the other hand, utilizes two related keys: a public key and a private key. The public key is universally available and may be utilized by any transmitting device that wishes to send sensitive information to a particular receiver. The private key, however, which is necessary to decrypt the data encrypted with the public key, is known only by the receiver. Thus, any message that is encrypted and transmitted using the public key may only be decrypted in a reasonable amount of time by the receiver that possesses the corresponding private key. One prevalent asymmetric encryption algorithm is the Rivest-Shamir-Adleman (RSA) algorithm, which utilizes modular exponentiation to generate the public and private keys needed for secure communication. Another popular asymmetric encryption scheme is Elliptic Curve Cryptography (ECC), which is based on the algebraic structure of elliptic curves and assumes that finding the discrete logarithm of an elliptic curve point with respect to a public base point is infeasible to compute.
Though each of these methods of encryption and decryption has proven reliable, each is vulnerable to potential information leakage through side-channel attack methods. For a specific cryptographic algorithm being utilized, if the behavior of the algorithm can be monitored externally by a third party (e.g., a hacker), data-dependent behavior can be flagged and potentially used to determine the key or secret that the cryptographic algorithm is using. For example, during such a side-channel attack, one may attempt to hack a device to determine secret information by studying a timing profile, power consumption, electromagnetic field characteristics, or the like, associated with a computer device during encryption or decryption processes. Using such side-channel attack methods, a hacker may potentially glean valuable information regarding the start time of the execution of a cryptographic algorithm, the timing of ones and zeros in a secure communication, operation, and/or key, or any other information that would allow the hacker to more easily break a cipher and eventually gain access to secret data.
One such side-channel attack is referred to as a timing attack, wherein a third party seeks to recover leaked information regarding secret data based on the time necessary to complete an operation and/or an asymmetry between performing an operation on a one versus a zero. For example, to decrease the amount of time and resources necessary to perform an operation on one or more numbers (e.g., addition, multiplication), some systems may be configured to drop or otherwise ignore leading zeros inherent to one or more of the numbers of the operation. Thus, where two 1,000-digit numbers are being added and both of the numbers have 900 leading zeros, such an operation will take significantly less time to complete than an addition of two 1,000-digit numbers having no leading zeros if the adding system is configured to drop leading zeros. By monitoring the amount of time necessary to complete such an operation, a third party may garner some quantum of information regarding the original numbers of the operation. Aggregated over many operations, the third party may glean enough information from such timing attacks that it may recover a private key and decipher information communicated to or from the observed device using the obtained key.