the secret key. In other words, in the case of Elephant, retrieving the encryption key is equivalent to retrieving the initial state of the LFSR.
Our attack relies on the fact that an attacker can retrieve the Hamming weights of the individual bytes of the LFSR state. The Elephant design, in which the successive internal states of the LFSR are related to one another, further helps the attack. In half of the cases, the key is recovered in less than two days.
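As an added illustration, not part of the original paper, the following Python simulation shows how noiseless Hamming-weight leakage of the bytes of a byte-wise LFSR, combined with the relation between successive states, shrinks the set of candidate initial states. The 20-byte register and its feedback rule are an assumed Dumbo-like instance, the leakage model (one exact Hamming weight per state byte per clock, no noise) is an assumption, and the pruning is a generic constraint-propagation step written for this example, not the authors' attack procedure. The secret initial state is constructed at random inside the script.

```python
# Toy, noiseless Hamming-weight (HW) blind side channel on a byte-wise LFSR.
# ASSUMPTIONS of this illustration: a Dumbo-like 20-byte register whose new
# byte is rotl(x0,3) ^ (bit0(x3) << 7) ^ bit7(x13); the attacker learns the
# exact HW of every byte of the state after every clock. Not the paper's code.
import math
import random

N = 20  # register size in bytes (assumed)


def rotl8(x: int, r: int) -> int:
    return ((x << r) | (x >> (8 - r))) & 0xFF


def hw(x: int) -> int:
    return bin(x).count("1")


def feedback(x0: int, x3: int, x13: int) -> int:
    """Assumed byte-wise feedback: only bit 0 of x3 and bit 7 of x13 matter."""
    return rotl8(x0, 3) ^ ((x3 & 1) << 7) ^ (x13 >> 7)


def clock(state: list) -> list:
    return state[1:] + [feedback(state[0], state[3], state[13])]


def leak(state: list, rounds: int) -> list:
    """Attacker's view. Since the register only shifts, clock t shows bytes
    x_t .. x_{t+N-1} of a single byte stream, so noiseless leakage over
    `rounds` clocks amounts to the HW of stream bytes x_0 .. x_{rounds+N-2}."""
    s = list(state)
    hws = [hw(b) for b in s]
    for _ in range(rounds - 1):
        s = clock(s)
        hws.append(hw(s[-1]))
    return hws


def recover(hws: list) -> list:
    """Candidate set per stream byte, pruned with the state relation
    x_{i+N} = feedback(x_i, x_{i+3}, x_{i+13}) until a fixed point is reached."""
    cand = [{v for v in range(256) if hw(v) == h} for h in hws]
    changed = True
    while changed:
        changed = False
        for i in range(len(hws) - N):
            ok0, ok3, ok13, okf = set(), set(), set(), set()
            b3s = {v & 1 for v in cand[i + 3]}      # only bit 0 of x3 is used
            b13s = {v >> 7 for v in cand[i + 13]}   # only bit 7 of x13 is used
            for x0 in cand[i]:
                for b3 in b3s:
                    for b13 in b13s:
                        f = rotl8(x0, 3) ^ (b3 << 7) ^ b13
                        if f in cand[i + N]:
                            ok0.add(x0); ok3.add(b3); ok13.add(b13); okf.add(f)
            new = [ok0,
                   {v for v in cand[i + 3] if (v & 1) in ok3},
                   {v for v in cand[i + 13] if (v >> 7) in ok13},
                   okf]
            for j, s in zip((i, i + 3, i + 13, i + N), new):
                if s != cand[j]:
                    cand[j] = s
                    changed = True
    return cand


def search_space_bits(cand: list, n: int = N) -> float:
    """log2 of the number of initial states still consistent with the leakage."""
    return math.log2(math.prod(len(c) for c in cand[:n]))


def demo(seed: int = 1, rounds: int = 60):
    """Returns (bits before pruning, bits after pruning, true state survived)."""
    rng = random.Random(seed)
    state = [rng.randrange(256) for _ in range(N)]  # constructed secret state
    hws = leak(state, rounds)
    before = math.log2(math.prod(math.comb(8, h) for h in hws[:N]))
    cand = recover(hws)
    after = search_space_bits(cand)
    survived = all(b in c for b, c in zip(state, cand))
    return before, after, survived


if __name__ == "__main__":
    b, a, ok = demo()
    print(f"candidates: 2^{b:.1f} from HW alone, 2^{a:.1f} after using the state relation; "
          f"true state kept: {ok}")
```

The Hamming weights alone already cut the 160-bit state to the product of the binomial counts per byte; the second step is what the conclusion refers to as the relation between internal states, since every observed byte of the stream is also the output of the feedback on three earlier bytes, so its candidate set and theirs constrain each other in both directions. Adding noise to `leak`, as the authors list among future work, would turn the hard set membership test into a likelihood and break the exact-pruning loop, which is precisely why the noiseless toy is only a starting point.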
Several tweaks to the design have been considered. From the most to the least effective, they are: changing the mask derivation used for domain separation, and modifying the LFSR, examining the influence of its depth and type.
Future work may include adding noise to the simulations or, better still, carrying out the attack on an actual implementation.
This research is part of the chair CyberCNI.fr, with support from the FEDER development fund of the Brittany region.
Blind Side Channel on the Elephant LFSR