Side-channel collision attacks were proposed in [1] and applied to AES in [2]. These are based on detecting collisions in certain positions of the internal state after the first AES round for different executions of the algorithm. The attack needs about 40 measurements and 512 MB precomputed values as well as requires the chosen-plaintext possibility. In this paper we show how to mount a collis...

Naive implementations of crypto-algorithms are susceptible to side-channel analysis. This talk surveys the known methods for preventing side-channel analysis in elliptic curve cryptosystems.

Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel...

Side-channel attacks exploit the fact that the implementations of cryptographic algorithms leak information about the secret key. In power analysis attacks, the observable leakage is the power consumption of the device, which is dependent on the processed data and the performed operations. Masking is a widely used countermeasure to thwart the powerful Differential Power Analysis (DPA) attacks. ...

This paper presents an approach for side channel cryptanalysis with iterative approximate Bayesian inference, based on sequential decoding methods. Reliability information about subkey hypotheses is generated in the form of likelihoods, and sets of subkey hypothesis likelihoods are optimally combined into key bit log likelihood ratios. The redundancy of expanded keys in multi-round cryptographi...

This paper gives a motivation for the design of memoryhard key derivation functions (KDFs), a summary of a memory-hard password-based key derivation function called scrypt, and an overview of cache timing attacks. A cache timing attack against scrypt is introduced and described in detail. Finally, additional work necessary to implement the attack and measures to prevent the attack are discussed...

In this paper we formalize the notion of leakage attacks on iterated block ciphers, in which the attacker can find (via physical probing, power measurement, or any other type of side channel) one bit of information about the intermediate state of the encryption after each round. Since bits computed during the early rounds can be typically represented by low degree multivariate polynomials, cube...

This thesis is about side-channel analysis of the SHA-3 competition winner Keccak and a similar algorithm Ascon. During the operation of such an algorithm on a device information will leak in many different ways. In this thesis we only look at the information that is leaked by the power consumption of a device. This leakage can be exploited with a technique called DPA. With DPA one tries to obt...

We survey a number of attacks on cryptographic systems which depend on measuring physical characteristics of such systems whilst a given cryptographic operation is carried out. Such measurements could include the time needed to perform certain operations, the power consumed or any electromagnetic radiation produced. As such the physical measurement is producing a side-channel for the cryptograp...

Since side-channel analysis was introduced in the mid-1990s, it has permanently been enhanced and become a reliable method for cryptanalysts to break physical implementations of cryptographic algorithms. Recently, these methods have become of interest to be used for reverse engineering program code running on microcontrollers (e.g., [QS02], [No03]), which are often used in security critical env...