CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Power-Analysis Attack on an ASIC AES implementation
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Investigations of power analysis attacks on smartcards
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology
Collision Attacks on AES-Based MAC: Alpha-MAC
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Two New Techniques of Side-Channel Cryptanalysis
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Improved side-channel collision attacks on AES
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Template attacks in principal subspaces
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Correlation-enhanced power analysis collision attack
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Improved collision-correlation power analysis on first order protected AES
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Overcoming significant noise: correlation-template-induction attack
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Statistical tools flavor side-channel collision attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Unified and optimized linear collision attacks and their application in a non-profiled setting
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
First-order collision attack on protected NTRU cryptosystem
Microprocessors & Microsystems
In this paper, two efficient multiple-differential methods to detect collisions in the presence of strong noise are proposed: binary and ternary voting. After collisions have been detected, the cryptographic key can be recovered from these collisions using such recent cryptanalytic techniques as linear [1] and algebraic [2] collision attacks. We refer to this combination of collision detection methods and cryptanalytic techniques as multiple-differential collision attacks (MDCA). When applied to AES, MDCA using binary voting without profiling requires about 2.7 to 13.2 times fewer traces than Hamming-weight-based CPA for the same implementation. MDCA on AES using ternary voting with profiling and linear key recovery clearly outperforms CPA, requiring only about 6 online measurements over the range of noise amplitudes for which CPA requires from 163 to 6912 measurements. These attacks do not need the S-box to be known. Moreover, neither the key nor the plaintexts have to be known to the attacker in the profiling stage.