Side Channel Considerations for SHA-512

Cordwell, William R.

We consider a theoretical side-channel attack on SHA-512; the attack should easily generalize to other algorithms in the SHA-2 family. Rather than looking at a side-channel attack on an HMAC, which has been done in various papers, we assume that the targeted device is applying the hash function as a pseudo-random function (prf) in order to generate a secret key from a secret seed, as recommended by NIST. The analyst uses side-channel information to try to recover the secret seed. We use entropy/information theory to show how one might judge whether or not a side-channel attack might be possible and/or feasible, and we show how the design of the implementation can affect the feasibility of an attack.