We propose a novel approach for quantifying a system's resis-tance to unknown-message side-channel attacks. The approach is basedon a measure of the secret information that an attacker can extract froma system from a given number of side-channel measurements. We providean algorithm to compute this measure, and we use it to analyze the re-sistance of hardware implementations of cryptographic algorithms withrespect to timing attacks. In particular, we show that message-blinding- the common countermeasure against timing attacks - reduces the rateat which information about the secret is leaked, but that the completeinformation is still eventually revealed. Finally, we compare informa-tion measures corresponding to unknown-message, known-message, andchosen-message attackers and show that they form a strict hierarchy.
展开▼