A first-order chosen-plaintext DPA attack on the third round of DES
نویسندگان
چکیده
DPA attacks usually exhibit a “divide-and-conquer” property: the adversary needs to enumerate only a small space of the key (a key sub-space) when performing the DPA attack. This is achieved trivially in the outer rounds of a cryptographic implementation since intermediates depend on only few key bits. In the inner rounds, however, intermediates depend on too many key bits to make DPA practical or even to pose an advantage over cryptanalysis. For this reason, DPA countermeasures may be deployed only to outer rounds if performance or efficiency are critical. This paper shows a DPA attack exploiting leakage from the third round of a Feistel cipher, such as DES. We require the ability of fixing inputs, but we do not place any special restriction on the leakage model. The complexity of the attack is that of two to three DPA attacks on the first round of DES plus some minimal differential cryptanalysis.
منابع مشابه
A Practical Chosen Message Power Analysis Approach against the Key Whitening Layers on the Loop Architecture
In practice, the key whitening layer is a commonly adopted structure in symmetric ciphers, and the loop architecture is widely applied in hardware implementation of these ciphers. Up to now, conventional DPA is hard to recover the key of such ciphers, since the key whitening layer hides the input (output) of the first (last) round from the plaintext (ciphertext). In this paper, we propose a pra...
متن کاملDifferential Cryptanalysis of the full 16-round DES
of n, if p > 2 ?40:2 then the number of analyzed plaintexts is two and the complexity of the data analysis phase is 2 32. However, using about four times as many chosen plaintexts, we can use the clique algorithm (described in 1]) and reduce the time complexity of the data analysis phase to less than a second on a personal computer. The known plaintext attacks need about 2 32 p ?0:5 known plain...
متن کاملDifferential Attack on Message Authentication Codes
We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secret authentication key in the chosen plaintext scenario. For example, DES(8-round)-MAC can be broken with 2 pairs of plaintext, while FEAL8-MAC can be broken with 2 pairs. The proposed atta...
متن کاملAn Improved DPA Attack on DES with Forth and Back Random Round Algorithm
The power leakage problems of smart card chip during the process of DES encryption are analyzed, we propose two attack algorithms on DES with forth and back random round algorithm respectively, include the accumulative attack algorithm and segmented attack algorithm. We provided an improved analysis algorithm based on the segmented attack by using a new correctional factor: the cliffy character...
متن کامل- Only
We present a method for eecient conversion of diierential (chosen-plaintext) attacks into the more practical known-plaintext and ciphertext-only attacks. Our observation may save up to a factor of 2 20 in data over the known methods, assuming that plaintext is ASCII encoded English (or some other types of highly redundant data). We demonstrate the eeectiveness of our method by practical attacks...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017