While working on the tail end of a side channel attack paper, the author came up with a new analytic form for Renyi entropy used in the type of hidden markov model used in the side channel attack. Pretty solid piece of work.
I am not super familiar with the use of Renyi entropy in HMMs, but it looks pretty generally interesting; something that can be used to find recurrence maps in general.
They're talking about computing k^m mod p. In the era where you can get a sense for what operations have taken place based on fingerprints left in the cache, timing, etc, the algorithms for computing it are ideally designed to be hardened against it. That is, given knowledge of the sorts of operations that have taken place, how many bits of the secret that is being computed can be recovered? They demonstrate that more bits than previously thought can be practicably recovered from an actual implementation of RSA by using clever statistical modeling and ideas from information theory.
Could somebody explain this like I am 5 years old?
While working on the tail end of a side channel attack paper, the author came up with a new analytic form for Renyi entropy used in the type of hidden markov model used in the side channel attack. Pretty solid piece of work.
I am not super familiar with the use of Renyi entropy in HMMs, but it looks pretty generally interesting; something that can be used to find recurrence maps in general.
I want to meet the 5 year old that can understand this.
Thanks I’ll have to brush up on my computer science theory before tackling this.
Your ELI5 needs an ELI5 :)
They're talking about computing k^m mod p. In the era where you can get a sense for what operations have taken place based on fingerprints left in the cache, timing, etc, the algorithms for computing it are ideally designed to be hardened against it. That is, given knowledge of the sorts of operations that have taken place, how many bits of the secret that is being computed can be recovered? They demonstrate that more bits than previously thought can be practicably recovered from an actual implementation of RSA by using clever statistical modeling and ideas from information theory.
This is much easier to digest, thank you. What's the significance of computing k^m mod p in this context?
LOL his headings appear to use the same font as David Mackay's excellent free book on information theory!
http://www.inference.org.uk/itila/book.html