
Showing papers on "Timing attack published in 1999"


Patent
29 Sep 1999
TL;DR: In this paper, a secure cryptographic device such as an IC card which can endure TA (Timing Attack), DPA (Differential Power Analysis), SPA (Simple Power Analysis) or the like as an attacking method of presuming secret information held therein is presented.
Abstract: To provide a secure cryptographic device such as an IC card which can endure TA (Timing Attack), DPA (Differential Power Analysis), SPA (Simple Power Analysis), or the like as an attacking method of presuming secret information held therein, when the secret information held in the card or another information which is used in the secret information or an arithmetic operation using such secret information when such an arithmetic operation is performed is shown by a plurality of expressing methods and the arithmetic operation is performed, thereby making an arithmetic operation processing method different each time the arithmetic operation is performed and making each of an arithmetic operation time, an intensity of a generated electromagnetic wave, and a current consumption different.

43 citations


Journal ArticleDOI
TL;DR: This work shows that a timing attack yields the Hamming weight of the key used by both DES implementations, and shows that all the design characteristics of the target system can be inferred from timing measurements.
Abstract: We study the vulnerability of two implementations of the Data Encryption Standard (DES) cryptosystem under a timing attack. A timing attack is a method, recently proposed by Paul Kocher, that is designed to break cryptographic systems. It exploits the engineering aspects involved in the implementation of cryptosystems and might succeed even against cryptosystems that remain impervious to sophisticated cryptanalytic techniques. A timing attack is, essentially, a way of obtaining some user's private information by carefully measuring the time it takes the user to carry out cryptographic operations. In this work, we analyze two implementations of DES. We show that a timing attack yields the Hamming weight of the key used by both DES implementations. Moreover, the attack is computationally inexpensive. We also show that all the design characteristics of the target system, necessary to carry out the timing attack, can be inferred from timing measurements.

42 citations


01 Jan 1999
TL;DR: This abstract shows that timing channels can, and often do, leak key material, and outlines attacks that can find secret exponents in Diffie-Hellman key exchange, factor RSA keys, and find DSS secret parameters.
Abstract: Cryptosystems often take slightly different amounts of time to process different messages. With network-based cryptosystems, cryptographic tokens, and many other applications, attackers can measure the amount of time used to complete cryptographic operations. This abstract shows that timing channels can, and often do, leak key material. The attacks are particularly alarming because they often require only known ciphertext, work even if timing measurements are somewhat inaccurate, are computationally easy, and are difficult to detect. This preliminary draft outlines attacks that can find secret exponents in Diffie-Hellman key exchange, factor RSA keys, and find DSS secret parameters. Other symmetric and asymmetric cryptographic functions are also at risk. A complete description of the attack will be presented in a full paper, to be released later. I conclude by noting that closing timing channels is often more difficult than might be expected.

25 citations


Patent
29 Sep 1999
TL;DR: In this article, a secure cryptographic device such as an IC card is presented that is capable of resisting an attacking method for inferring the internally stored secret information, such as TA (Timing Attack), DPA (Differential Power Analysis) or SPA (Simple Power Analysis).
Abstract: A secure cryptographic device such as an IC card capable of resisting an attacking method for inferring the internally stored secret information, such as TA (Timing Attack), DPA (Differential Power Analysis) or SPA (Simple Power Analysis). The internally held secret information is operated in a different manner each time by expressing the secret information and other information used for the operation, thereby making different the operation time, the intensity of radiated electromagnetic wave, and the current consumption.

17 citations


Book ChapterDOI
09 Aug 1999
TL;DR: The generalized interpolation attack (linear sum attack) is presented, with an algorithm that efficiently evaluates the security of byte-oriented ciphers against linear sum attack, and the relationship between linear sum attack and higher order differential attack is shown.
Abstract: Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes it easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that efficiently evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.

9 citations