Cryptography Reference
In-Depth Information
7
The Cryptographic Imagination
The laboratory setup displayed in figure 7.1 captures an intriguing dimen-
sion of modern cryptography. Hovering just above the surface of a com-
puter chip, a simple homemade sensor measures the electromagnetic
leakage that occurs as the chip performs the steps of a cryptographic algo-
rithm. Various statistical treatments are then applied to these measure-
ments in order to estimate the bits of the secret key and thus break the
algorithm. Such
side-channel
cryptanalysis was pioneered by Paul Kocher
in 1999, when he realized that the mathematics of a cryptosystem could
be subverted by adopting a completely different route than that envisioned
by its designers:
Integrated circuits are built out of individual transistors, which act as voltage-con-
trolled switches. Current flows across the transistor substrate when charge is applied
to (or removed from) the gate. This current then delivers charge to the gates of other
transistors, interconnect wires, and other circuit loads. The motion of electric charge
consumes power and produces electromagnetic radiation, both of which are exter-
nally detectable. Therefore,
individual transistors produce externally observable electrical
behavior
.
1
In an announcement that rocked the cryptography world, Kocher dem-
onstrated that both public- and secret-key cryptosystems were vulnerable
to such attacks and that although it is possible to defend against them, the
necessary countermeasures involve some significant cost or efficiency
trade-offs: either the physical devices must be shielded, or algorithms must
be fortified by “introducing noise into measurements, decorrelating inter-
nal variables from secret parameters, and temporally decorrelating crypto-
graphic operations.” Thus, just like the Enigma machine operators in
World War II (see “Electromechanical Devices” in chapter 2), chips must
