International Association for Cryptologic Research (IACR)
Abstract
Although power LEDs have been integrated in various
devices that perform cryptographic operations for decades, the
cryptanalysis risk they pose has not yet been investigated.
In this paper, we present optical cryptanalysis, a new form
of cryptanalytic side-channel attack, in which secret keys are
extracted by using a photodiode to measure the light emitted
by a device’s power LED and analyzing subtle fluctuations in
the light intensity during cryptographic operations. We analyze
the optical leakage of power LEDs of various consumer
devices and the factors that affect the optical SNR. We then
demonstrate end-to-end optical cryptanalytic attacks against
a range of consumer devices (smartphone, smartcard, and
Raspberry Pi, along with their USB peripherals) and recover
secret keys (RSA, ECDSA, SIKE) from prior and recent
versions of popular cryptographic libraries (GnuPG, Libgcrypt,
PQCrypto-SIDH) from a maximum distance of 25 meter
