Université Bordeaux 1
Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations.