Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
Paul C. Kocher 1996
Abstract. By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing... .
Early work on timing analysis which is followed by other papers.
Investigations of Power Analysis on Smartcards
Thomas S. Messerges et al. May 1999
Abstract. The paper presents actual results from monitoring smartcard power signals and introduces techniques that help maximize such side-channel information... .
Schematic of power consumption measuring connections. A number of 8-bit uC-based smartcards were examined in this setup. Bit changes are observed at Vscope point of the setup.
The corresponding: bit transitions versus power consumption are presented as Hamming weight showing how the data affect power levels.
Comments on the Security of the AES and the XSL Technique
S. Murphy and M.J.B. Robshaw
Abstract.This note gives some background information relevant to recent claims of key recovery attacks on the AES.
Memories: A Survey of Their Secure Uses in Smartcards
Michael Neve et al.
Abstract. Smartcards are widely known for their tamper resistance, but only contain a small amount of memory. Though very small, this memory often contains highly valuable information (identification data, cryptographic key, etc). This is why it is subject to many attacks, as the other parts of the smartcard, and thus requires appropriately chosen protections.
The use of memories in smartcards induces security problems, but also other more particular ones. The main constraint is naturally the limited physical expansion and integration, but fault level, aging and power consumption are not to be discarded. Indeed, deducing the context of a ROM using a microscope has been proven to work. Interactions with light or eddy current on silicon can produce faults that might reveal important information, as well.
This article details the role of memory in smartcard industries, in current context and future perspectives of smartcards and their applications. It then gives a survey of published physical attacks targeting memory and all the existing techniques to counter them.
Great efforts are under taken by industries and academics to tackle specific memory problems introducing hardware and software countermeasures in the designs.
3 classes in the taxonomy of attackers.
Leakage of information: Those so-called side-channels consider the processor under test as a blackbox where the attacker can only measure external signals: execution duration, power consumption, electromagnetic radiation, local temperature and any external manifestation of the internal processes.
Techniques of Side Channel Cryptanalysis
J. A. Muir 2001
Abstract (informally). This thesis surveys the techniques of side channel cryptanalysis developed by Kocher , Boneh, DeMillo and Lipton , and Kocher, Jaffe and Jun  and shows how side channel information can be used to break implementations of DES and RSA. Some specific techniques covered include the timing attack, differential fault analysis, simple power analysis and differential power analysis. Possible defenses against each of these side channel attacks are also discussed.
Illustrate real world model in replace for the traditional Alice and Bob cryptographic model where sidechannels are added: timing attack, differential fault analysis, simple power analysis, and differential power analysis. The thesis website is last updated in Mar 2004.
A Collision-Attack on AES Combining Sidechannel-and Diﬀerential-Attack
No author given
Abstract. Very recently a new class of attack was proposed against DES which combines internal collisions with side-channe linformation leakage. It had not been obvious, however, how this attack applies to non-Feistel ciphers with bijective S-boxes such as the Advanced Encryption Standard (AES).
Collisions occur when two different inputs can produce the same output.
Does collision exists in AES?
A Collision Attack on 7 Rounds of Rijndael
Henri Gilbert et al.
Abstract. ...the attack is based upon an efficient distinguisher between 3 Rijndael inner rounds and a random permutation... we construct an efficient distinguisher... by exploiting the existence of collisions between some partial functions induced by the cipher. ... minimal number of rounds... is 10, our attack does not endangered the security of the cipher....improvements of the previously known cryptanalytic results on Rijndael.
Analysis of the WinZip Encryption Method
Tadayoshi Kohno Mei 8, 2004
Abstract. WinZip is a popular compression
utility for MicrosoftWindows computers,the latest version of which is advertised
as having “easy-to-use AES encryption to protect your sensitive data." We
exhibit several attacks against WinZip's new encryption method, dubbed “AE-2" or
“Advanced Encryption, version two." We then discuss secure alternatives. Since
at a high level the underlying WinZip encryption method appears secure (the core
is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one
of our attacks was made possible because of the way that
WinZip Computing, Inc. decided to
fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software.
Multiplicative Masking and Power Analysis of AES
Jovan Dj.Golić et al. 2003
Abstract. The recently proposed multiplicative masking countermeasure against power analysis attacks on AES is interesting as it does not require the costly recomputation and RAM storage of S-boxes for every run of AES. This is important for applications where the available space is very limited such as the smartcard applications. Unfortunately,it is here shown that this method is in fact inherently vulnerable to differential power analysis. However, it is also shown that the multiplicative masking method can be modified so as to provide resistance to differential power analysis of non ideal but controllable security level, at the expense of increased computational complexity. Other possible random masking methods are also discussed.
The multiplicative masking is done by altering the inversion step in S-Box through the use of modified inverse GF(2^8) where masks are introduced with additions. The Hamming weight is used as a model for the power consumption used for DPA attack. Also mentioned here: the previous methods of masking using data splitting and random masks.
Master Thesis: A Study on Securing AES against Differential Power Analysis
Hwasun Chang Dec 29, 2003
Abstract (shorten). Major credit card companies are planning to convert most of credit cards with magnetic stripe into smartcards within a few years. And usage of smartcards are increasing in such ﬁelds like transportation, electronic money, ID cards, etc.
In this thesis, simple ﬁxed-value masking method that is resistant to SODPA and more effcient than previous methods is proposed and analyzed. The required memory for storing mask is 33% of previous method and the number of XOR operation for applying mask is 18% of previous method. In practice, the reduction of memory usage will not affect the overall algorithm size much. But reducing the number of XOR operations can improve the algorithm performance by about 10% in 32 bit smartcards optimized for speed. To prevent SODPA, we can make it hard for an attacker to catch the time when the mask is accessed and select mask for each round. In analysis process, the required properties of the generated masks, the appropriate number of masks, the required additional processing and memory for implementing the proposed counter measure, and the security of the proposed method are suggested.
A master thesis. Simple ﬁxed-value masking method an improvement from the Jovan Golic et al. multiplicative masking. Itoh et al. referenced here suggest fixed-value masking, fixed masks and modified
S-Box are stored in ROM. Below is the paper version of the thesis.
Securing AES against Second-Order DPA by Simple Fixed-Value Masking
Hwasun Chang et al.
Abstract . Since Di erential Power Analysis (DPA) has been announced, many counter measures and improved DPAs have been proposed for many algorithms. For securing AES, masking methods were proposed as countermeasures. But all the previous masking methods have been shown to be vulnerable to second order DPA (SODPA). We propose a masking method that is resistant to SODPA and more efficient than previous methods in respect to required memory and additional processing.
AES Noise Purity Tests Results
nonpaper:Matt La Mantia 1999
"…A signal that is Pure Noise is thermodynamically
indistinguishable from a perfectly encoded and compressed semantic
message: they both look like a varying signal in which you could not predict one
bit of the signal based on the previous ones…"
La Mantia did some noise purity tests on AES candidates back then (1999). No cryptanalysis will be found here, it is based on the realistic view: practice is far from theory. The tests are purely a demonstration of each of the candidates practical differences.
Multiple randomness tests were performed on non-linear data input after 1 to 8 rounds of encryption with a constant key (NICK). In this test the same 128 bit key consisting of all 0s was used for data encryption. Input data consisted of all combinations of 4 bit 1 and 124 bit 0 out of 128 bit of the data block, therefore giving 10,668,000 combinations or 170,688,000 byte of input data for encryption and for noise purity analysis.
Possible flaw in Rijndael: input data whitening XOR does not make absolutely any difference. Also 6 and 7 rounds of encryption produce exactly the same output (!?).
I think: It isn't a full practical attack to Rijndael either. The possible flaw on 7 round was mentioned also in Henri Gilbert paper but AES is 10 rounds of Rijndael. The statement below still disclaims Rijndael weakness.
Crypto Is Key to Data Control
nonpaper:Chris Conrath April 7, 2003
Whitfield Diffie, "Whenever you have a secret, you have a vulnerability."
"However, there is no panic yet since the discussion around AES’s vulnerability is entirely theoretical," as quoted from Bruce Schneier's cryptogram.
Schneier is a world-renowned cryptographer, author of "Applied Cryptography: Protocols, Algorithm, and Source Code in C", "Secret & Lies: Digital Security in a Networked World". We can find these quoted in Budi Rahardjo's handbook of security (in Bahasa Indonesia).
Nowadays, it seems that Rijndael is still strong enough.