An adversary may attempt to extract meaningful information from a cryptographic system using various approaches. In one approach, the adversary may attempt to uncover theoretical vulnerabilities in the cryptographic system. In another approach, the adversary may attempt to exploit weaknesses in the administrative or technical environment associated with the cryptographic system. These types of attacks generally make a direct attempt to obtain secret information, e.g., through mathematical analysis, system “hacking,” or simple guile.
A side-channel attack, by contrast, attempts to extract secret information in indirect fashion by observing the physical characteristics of the cryptographic system in the course of its operation. That is, the cryptographic system is composed of one or more electrical computers. In the course of operation, the cryptographic system exhibits physical behavior. An adversary may capture this behavior and then attempt to correlate this behavior with secret information. For example, the adversary may measure the physical characteristics of a computer over a span of time as it decrypts messages using a secret key. The adversary may hope to assemble enough information over this span of time to enable it to reconstruct the secret key.
An adversary may exploit various physical characteristics of a cryptographic system. For example, the adversary may capture: a) the length of time the system takes to perform operations; b) the amount of power consumed by the system in performing its operations; c) the electromagnetic radiation (or even noise) emitted by the system in the course of performing its operations, and so on. In any case, the cryptographic system may be said to “leak” information that can potentially be exploited by an adversary. An adversary that attempts to exploit leaked information is said herein to mount a leakage-type attack.
The industry has attempted to thwart these types of attacks in various ways, e.g., by proposing both physical and algorithmic safeguards that attempt to reduce the leakage of meaningful information. Yet there remains room for considerable improvement in this field.
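The following added example (not part of the original text) models the leak described above and one widely used algorithmic safeguard: a square-and-multiply exponentiation whose sequence of operations depends on the secret exponent, beside a Montgomery ladder whose sequence is the same for every exponent of a given width. The modulus, base, keys and function names are constructed for illustration, and the operation trace is an assumed stand-in for a timing or power measurement.

```python
# Added illustration. Operation traces ("S" = square, "M" = multiply) stand in
# for what a timing or power measurement would reveal; all values are constructed.

def modexp_square_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply; returns (result, trace)."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":  # extra multiply only for 1-bits: key-dependent work
            result = (result * base) % modulus
            trace.append("M")
    return result, "".join(trace)


def modexp_ladder(base, exponent, modulus, width):
    """Montgomery ladder over a fixed bit width; returns (result, trace)."""
    r0, r1, trace = 1, base % modulus, []
    for i in range(width - 1, -1, -1):
        # Both branches do one multiply and one squaring. Production code
        # would also replace this branch with a constant-time conditional swap.
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r1, r0 = (r0 * r1) % modulus, (r0 * r0) % modulus
        trace.append("MS")
    return r0, "".join(trace)


MODULUS = 2**61 - 1          # constructed sample modulus
BASE = 5                     # constructed sample message
KEY_A = 0b10000001           # constructed 8-bit "secret" exponents
KEY_B = 0b11111111

if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        naive, naive_trace = modexp_square_multiply(BASE, key, MODULUS)
        ladder, ladder_trace = modexp_ladder(BASE, key, MODULUS, 8)
        assert naive == ladder == pow(BASE, key, MODULUS)
        print(f"{key:08b}  naive={naive_trace}  ladder={ladder_trace}")
```

Python integer arithmetic is not itself constant-time, so the traces show the structure of the safeguard rather than a measured guarantee.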