Eli Biham and Adi Shamir, "Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of the simple power analysis (SPA) and differential power analysis (DPA) techniques. The difference between these two attacks is that DPA is more sophisticated and involves statistical analysis using a larger sample set. There have been prior attempts to address the SPA and DPA attacks [2,3,5,6,7,12]. These counter measures can be classified into three types as performed in [5] First, random timing shifts and noises can be added such that computed means for power consumption do not correspond to the same instruction. However, the difficulty in the protection process is to ensure such random ....

E. Biham, A. Shamir. Power Analysis of The Key Scheduling of The AES Candidates. Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

....current flowing through the power lines of an operating microprocessor is dependent on the processed data. The following paragraphs describe and compare the types of power analysis that are currently examined. The hypotheses and results we discuss can be found in the recent publications [4] 5] [3]. A. Simple Power Analysis and Di#erential Power Analysis Power analysis di#ers from most physical attack methods (see [1] and [2] in many respects. First, it is not invasive and can thus be performed in a few instants; therefore, it can be used if a card based action performed by an ordinary ....

....Yet, they also claim that SPA is only possible for conditional branching instructions. Still, the corresponding quantitative results are not exposed. This triggered our desire to determine how e#ectively Hamming weights, and not merely transition counts, really can be found. Biham and Shamir [3] propose a method which enables the attacker to identify the key scheduling process dur 4 We observe that those addresses could be generated randomly for every single smartcard (a kind of fingerprint addressing) to find out which addresses a certain card uses, it would thus be necessary to ....

[Article contains additional citation context not shown here]

E. Biham and A. Shamir, Power Analysis of Key Scheduling of the AES Candidates, Proceedings of the Second AES Candidate Conference, 1999.

....of attacks that look for information about the secret key of a cryptographic algorithm, by studying the electric consumption of the electronic device during the execution of the computation. The initial focus was on symmetrical cryptosystems such as DES (see [10, 14] and the AES candidates (see [1, 3, 6]) but public key cryptosystems have since been shown to be also vulnerable to the DPA attacks (see [15, 5, 9] Therefore, the research for countermeasures has considerably increased. In [6] Daemen and Rijmen proposed several countermeasures, including the insertion of dummy code, power ....

Eli Biham and Adi Shamir, \Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.

....to power consumption. The attack was successfully applied to a DES implementation; as few as 1000 encryptions were sufficient to recover the secret key [14] More recently, the resistance of smart card implementations of the AES candidates against monitoring power consumption was considered in [1, 3, 5]. The conclusion was that straightforward implementations of AES candidates were highly vulnerable to power analysis. In this paper we show that naive implementations of ECC are also highly vulnerable to power analysis. The paper is organized as follows. After recalling the principle of EC ....

....should not depend on the data being processed, e.g. there should not be any branch instructions conditioned by the data. It is easy to modify algorithm 1 to achieve this goal : Algorithm 1 (Double and add resistant against SPA) input P Q[0] P for i from Gamma 2 to 0 do Q[0] 2Q[0] Q[1] Q[0] P Q[0] Q[d i ] output Q[0] 3.2 DPA against double and add algorithm In this section we describe a DPA against an implementation of algorithm 1 . We assume that the algorithm is performed in constant time. Otherwise the implementation may be subject to timing attack [13] and Simple ....

E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

....weakness. This raises an issue that has had significant consequences in practice, particularly in connection with power analysis attacks. At the present time, two attacks are known that exploit implicit key schedule weaknesses; these are discussed below. 3.6.3.1 A Power Analysis Variant In Ref. [13], the authors employed a variant of power analysis to attack the finalists key schedules in environments in which power analysis is feasible. Their approach correlated the power consumed during the operation of the algorithm with the number of ones in a subkey byte. Evaluating the number of ones ....

....to generate subkeys from the original key; conversely, redundancy in this process inhibits the attack by lowering the rank. However, even if the full original key cannot be recovered, it may still be possible to obtain some information about the original key. If the power analysis attack in Ref. [13] could be effected, a rough classification of the finalists by key schedule is as follows: Some implicit weakness: MARS, RC6 and Rijndael. An attack may reveal some information about the original key. No weakness: Serpent and Twofish. Even if the attack were feasible in some instance, the ....

[Article contains additional citation context not shown here]

E. Biham and A. Shamir, Power Analysis of the Key Scheduling of the AES Candidates, in The Second AES Candidate Conference, printed by The National Institute of Standards and Technology, Gaithersburg, MD, March 22-23, 1999, pp. 115-121.

....schedule weaknesses; these are discussed below. NIST has not verified these attacks. Hence, implicit key schedule weaknesses did not play a significant role in determining advancement to Round 2. These attacks, and defenses against them, require further study. 2.5.3. 1 A Power Analysis Variant In [6], the authors employ a variant of power analysis to attack the key schedules of the candidates when implemented in smart cards. Their approach correlates power consumed with the number of ones in a byte of a subkey. Evaluating the number of ones yields an equation involving the bits of the master ....

....weaknesses: LOKI97, MARS, RC6, and Rijndael. Attack may reveal some information about the master key. c. No weakness: MAGENTA, Serpent, and Twofish. d. FROG, HPC: these are not well suited to smart card or similar applications in which key schedule weaknesses are typically exploited. Note: [6] should be consulted for the precise conditions under which the above attack can be executed. Saying that a candidate is vulnerable to the attack presupposes that the attack is in fact feasible for a given implementation of a candidate. As in Sec. 2.5.2, vulnerability to this type of attack is not ....

[Article contains additional citation context not shown here]

E. Biham and A. Shamir, Power analysis of the key scheduling of the AES candidates, The Second AES Conference, March 22-23, 1999, pp 115-121.

No context found.

Eli Biham and Adi Shamir, "Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.

No context found.

E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

No context found.

E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

No context found.

E. Biham and A. Shamir, "Power analysis of the key scheduling of the AES candidates," in Second Advanced Encryption Standard (AES) Candidate Conference, Rome, Italy, 1999.

No context found.

Eli Biham and Adi Shamir, "Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.

No context found.

E. Biham, A. Shamir, Power Analysis of the Key Scheduling of the aes Candidates, presented at the 2nd aes Candidate Conference, Rome, Mar. 22-23 1999.

No context found.

Eli Biham, Adi Shamir, Power Analysis of the Key Scheduling of the aes Candidates, presented at the 2nd aes Candidate Conference, Rome, Mar. 22-23 1999.

No context found.

Eli Biham, Adi Shamir, Power Analysis of the Key Scheduling of the aes Candidates, presented at the Second aes Candidate Conference, Rome, Italy, March 22-23, 1999.

No context found.

Eli Biham and Adi Shamir, "Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.

No context found.

E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

No context found.

E. Biham and A. Shamir. Power Analysis of the Key Scheduling of the AES Candidates. Second Advanced Encryption Standard (AES) Candidate Conference, 1999.

No context found.

E. Biham and A. Shamir. Power Analysis of the Key Scheduling of the AES Candidates. In Proceedings of the Second AES Candidate Conference (AES2), Rome, Italy, March 1999. Available at http://csrc. nist.gov/encryption/aes/aes_home.htm.

No context found.

E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

No context found.

Eli Biham and Adi Shamir, "Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.

No context found.

E. Biham, A. Shamir. Power Analysis of The Key Scheduling of The AES Candidates. Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

No context found.

E. Biham and A. Shamir. Power analysis of the key scheduling of the aes candidates. In 2nd AES Candidates Conference, March 1999.

No context found.

E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115-121.

No context found.

Eli Biham and Adi Shamir, "Power Analysis of the Key Scheduling of the AES Candidates", in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.

No context found.

E. Biham and A. Shamir. Power analysis of the key scheduling of the AES candidates. In Proceedings of The Second AES Candidate Conference, pages 115#121. March 22-23, 1999.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC