At FSE 2003 and 2004, Akkar and Goubin presented several masking methods to protect iterated block ciphers such as DES against Differential Power Analysis and higher-order variations thereof. The underlying idea is to randomize the first few and last few rounds of the cipher with independent masks at each round until all intermediate values depend on a large number of secret key bits, thereby disabling power attacks on subsequent inner rounds. We show how to combine differential cryptanalysis applied to the first few rounds of the cipher with power attacks to extract the secret key from intermediate unmasked (unknown) values, even when these already depend on all secret key bits. We thus invalidate the widely believed claim that it is sufficient to protect the outer rounds of an iterated block cipher against side-channel attacks.