SAC '98 Proceedings of the Selected Areas in Cryptography
On Differential and Linear Crytoanalysis of the RC5 Encryption Algorithm
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
SAC '98 Proceedings of the Selected Areas in Cryptography
Probing Attacks on Tamper-Resistant Devices
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
A Timing Attack on Blakley's Modular Multiplication Algorithm, and Applications to DSA
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Addressing covert termination and timing channels in concurrent information flow systems
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Probabilistic Information Flow Security
Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
Security in a Model for Long-running Transactions
Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
Observation Based System Security
Fundamenta Informaticae - Special Issue on Concurrency Specification and Programming (CS&P)
Fundamenta Informaticae - SPECIAL ISSUE ON CONCURRENCY SPECIFICATION AND PROGRAMMING (CS&P 2005) Ruciane-Nide, Poland, 28-30 September 2005
Proceedings of the First Workshop on Cryptography and Security in Computing Systems
Hi-index | 0.00 |
This paper describes a timing attack on the RC5 block encryption algorithm. The analysis is motivated by the possibility that some implementations of RC5 could result in the data-dependent rotations taking a time that is a function of the data. Assuming that encryption timing measurements can be made which enable the cryptanalyst to deduce the total amount of rotations carried out during an encryption, it is shown that, for the nominal version of RC5, only a few thousand ciphertexts are required to determine 5 bits of the last half-round subkey with high probability. Further, it is shown that it is practical to determine the whole secret key with about 220 encryption timings with a time complexity that can be as low as 228.