Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Securing the AES Finalists Against Power Analysis Attacks
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Using Second-Order Power Analysis to Attack DPA Resistant Software
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Differential Power Analysis in the Presence of Hardware Countermeasures
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
An Implementation of DES and AES, Secure against Some Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
On two DES implementations secure against differential power analysis in smart-cards
Information and Computation
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Protecting AES Software Implementations on 32-Bit Processors Against Power Analysis
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Two New Techniques of Side-Channel Cryptanalysis
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Attacking State-of-the-Art Software Countermeasures--A Case Study for AES
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
You Cannot Hide behind the Mask: Power Analysis on a Provably Secure S-Box Implementation
Information Security Applications
Blind differential cryptanalysis for enhanced power attacks
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Provably secure masking of AES
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Provably secure s-box implementation based on fourier transform
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Enhanced DES implementation secure against high-order differential power analysis in smartcards
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Practical second-order DPA attacks for masked smart card implementations of block ciphers
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Higher order masking of the AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
An AES smart card implementation resistant to power analysis attacks
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
An efficient masking scheme for AES software implementations
WISA'05 Proceedings of the 6th international conference on Information Security Applications
ACM Transactions on Information and System Security (TISSEC)
An improved side channel attack using event information of subtraction
Journal of Network and Computer Applications
| Hi-index | 0.00 |
The Advanced Encryption Standard (AES) is a 128-bit block cipher that is currently being widely used in smartcards. Differential Power Analysis (DPA) is a powerful technique used to attack a cryptographic implementation in a resource-limited application environment like smartcards. Despite the extensive research on DPA of AES, it seems none has explicitly addressed the fundamental issue: How many rounds of the beginning and end parts of an AES implementation should be protected in order to resist practical DPA attacks, namely first and second-order DPA attacks? Implementation designers may think that it is sufficient to protect the first and last one (or one and a half) rounds of AES, leaving the inner rounds unprotected or protected by simple countermeasures. In this paper, we show that power leakage of some intermediate values from the more inner rounds of AES can be exploited to conduct first and/or second-order DPA attacks by employing techniques such as fixing certain plaintext/ciphertext bytes. We give five general principles on DPA vulnerability of unprotected AES implementations, and then give several general principles on DPA vulnerability of protected AES implementations. These principles specify which positions of AES are vulnerable to first and second-order DPA. To justify the principles, we attack two recently proposed AES implementations that use two kinds of countermeasures to achieve a high resistance against power analysis, and demonstrate that they are even vulnerable to DPA. Finally, we conclude that at least the first two and a half rounds and the last three rounds should be secured for an AES implementation to be resistant against first and second-order DPA in practice.