Recently, much research has been conducted on how to carry out physical cryptanalysis of cryptographic devices by exploiting information leaked through side channels. Results have also been reported on how to develop countermeasures against existing physical cryptanalysis. However, very little attention has been paid to the possible mutual relationship between different kinds of physical cryptanalysis when designing a specific countermeasure. In this paper, it is pointed out that implementations of the Rijndael cipher (AES) enhanced against timing cryptanalysis and simple power cryptanalysis (SPA) may unfortunately become more vulnerable to differential power cryptanalysis (DPA). Technically speaking, based on Sommer's work and experiments presented at CHES 2000, this new DPA on the above-mentioned Rijndael implementations produces a much more significant observable peak in the differential power trace. This makes the DPA attack easier and reduces the number of power traces required.