Security Evaluations Beyond Computing Power How to Analyze Side-Channel Attacks You Cannot Mount?
Concrete security evaluations are at the core of cryptographic research. Taking the example of symmetric cryptography, they are at the same time central in formal definitions of security (e.g. as introduced by Bellare et al.) and in the evaluation of attacks such as linear and differential cryptanalysis. Their goal is to provide bounds on the success probability of an adversary as a function of the resources she expends, typically measured in time, data and memory. But somewhat surprisingly, while such concrete (and complete) evaluations are usual in the context of mathematical cryptanalysis, they appear much harder to obtain in the context of physical cryptanalysis, even for "classical" attacks such as Kocher et al.'s Differential Power Analysis (DPA).