Simulatable Leakage: Analysis, Pitfalls, and New Constructions

Jake Longo, Daniel P Martin, M E Oswald, Daniel Page, Martijn Stam, Mike Tunstall

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

9 Citations (Scopus)


In 2013, Standaert \emph{et al.} proposed the notion of simulatable leakage to connect theoretical leakage resilience with the practice of side channel attacks. Their use of simulators, based on physical devices, to support proofs of leakage resilience allows verification of underlying assumptions: the indistinguishability game, involving real vs. simulated leakage, can be `played' by an evaluator. Using a concrete, block cipher based leakage resilient PRG and high-level simulator definition (based on concatenating two partial leakage traces), they included detailed reasoning why said simulator (for AES-128) resists state-of-the-art side channel attacks. \\\\ In this paper, we demonstrate a distinguisher against their simulator and thereby falsify their hypothesis. Our distinguishing technique, which is evaluated using concrete implementations of the Standaert \emph{et al.} simulator on several platforms, is based on `tracking' consistency (resp. identifying simulator {\em in}consistencies) in leakage traces by means of cross-correlation. In attempt to rescue the approach, we propose several alternative simulator definitions based on splitting traces at points of low intrinsic cross-correlation. Unfortunately, these come with significant caveats, and we conclude that the most natural way of producing simulated leakage is by using the underlying construction `as is' (but with a random key).
Original languageEnglish
Title of host publicationAdvances in Cryptology - ASIACRYPT 2014
PublisherSpringer Berlin Heidelberg
Number of pages20
ISBN (Electronic)9783662456118
ISBN (Print)9783662456101
Publication statusPublished - 7 Dec 2014

Publication series

NameLecture Notes in Computer Science
PublisherLecture Notes in Computer Science
ISSN (Electronic)0302-9743


Dive into the research topics of 'Simulatable Leakage: Analysis, Pitfalls, and New Constructions'. Together they form a unique fingerprint.

Cite this