Key recovery from partial information

The security of deployed protocols not only relies on the hardness of the underlying mathematical problem but also on the implementation of the algorithms involved. Many fast modular exponentiation algorithms have piled up over the years and some implementations have brought vulnerabilities that are exploitable by side-channel attacks, in particular cache attacks.
        In this talk, we consider key recover methods when partial information is recovered from a side channel. In particular, we will focus on lattice constructions for methods such as the Hidden Number Problem and the Extended Hidden Number Problem in order to optimize the key recovery.