A Timing Attack on RC5

Authors:
Helena Handschuh;Howard M. Heys
Affiliations:
-;-
Venue:
SAC '98 Proceedings of the Selected Areas in Cryptography
Year:
1998

Citing 2
Cited 10

A Timing Attack on RC5

SAC '98 Proceedings of the Selected Areas in Cryptography
On Differential and Linear Crytoanalysis of the RC5 Encryption Algorithm

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology

A Timing Attack on RC5

SAC '98 Proceedings of the Selected Areas in Cryptography
Probing Attacks on Tamper-Resistant Devices

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
A Timing Attack on Blakley's Modular Multiplication Algorithm, and Applications to DSA

ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
The program counter security model: automatic detection and removal of control-flow side channel attacks

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Addressing covert termination and timing channels in concurrent information flow systems

Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Probabilistic Information Flow Security

Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
Security in a Model for Long-running Transactions

Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
Observation Based System Security

Fundamenta Informaticae - Special Issue on Concurrency Specification and Programming (CS&P)
Network Information Flow

Fundamenta Informaticae - SPECIAL ISSUE ON CONCURRENCY SPECIFICATION AND PROGRAMMING (CS&P 2005) Ruciane-Nide, Poland, 28-30 September 2005
High-order timing attacks

Proceedings of the First Workshop on Cryptography and Security in Computing Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes a timing attack on the RC5 block encryption algorithm. The analysis is motivated by the possibility that some implementations of RC5 could result in the data-dependent rotations taking a time that is a function of the data. Assuming that encryption timing measurements can be made which enable the cryptanalyst to deduce the total amount of rotations carried out during an encryption, it is shown that, for the nominal version of RC5, only a few thousand ciphertexts are required to determine 5 bits of the last half-round subkey with high probability. Further, it is shown that it is practical to determine the whole secret key with about 220 encryption timings with a time complexity that can be as low as 228.