CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Defeating classical hardware countermeasures: a new processing for side channel analysis
Proceedings of the conference on Design, automation and test in Europe
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Side-channel leakage of masked CMOS gates
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Defeating any secret cryptography with SCARE attacks
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Masking with randomized look up tables
Cryptography and Security
Efficient removal of random delays from embedded software implementations using hidden markov models
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
From Cryptography to Hardware: Analyzing Embedded Xilinx BRAM for Cryptographic Applications
MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops
A low-entropy first-degree secure provable masking scheme for resource-constrained devices
Proceedings of the Workshop on Embedded Systems Security
Hi-index | 0.00 |
Physical attacks based on Side Channel Analysis (SCA) or on Fault Analysis (FA) target a secret usually manipulated by a public algorithm. SCA can also be used for Reverse Engineering (SCARE) against the software implementation of a private algorithm. In this paper, we claim that an unknown Feistel scheme with an hardware design can be recovered with a chosen plaintexts SCA attack. First, we show that whatever is the input of the unknown Feistel function, its one-round output can be guessed by SCA. Using this relation, two attacks for recovering the algorithm are proposed : an expensive interpolation attack on a generic Feistel scheme and an improved attack on a specific but commonly used scheme. Then, a countermeasure is proposed.