Advertisement

Basics of Side-Channel Analysis

  • Marc Joye

Introduction

Classical cryptography considers attack scenarios of adversaries getting black box access to a cryptosystem, namely to its inputs and outputs. For example, in a chosen ciphertext attack, an adversary can submit ciphertexts of her choice to a decryption oracle and receives in return the corresponding plaintexts. In real life, however, an adversary may be more powerful. For example, an adversary may in addition monitor the execution of the cryptosystem under attack and collect some side-channel information, such as the execution time or the power consumption. The idea behind side-channel analysis is to infer some secret data from this extra information.

This chapter presents several applications of side-channel analysis using different types of side-channel leakage. The primary goal is to explain the basic principles of side-channel analysis through concrete examples. Simple countermeasures to prevent side-channel leakage are also discussed. More sophisticated methods and...

Keywords

Smart Card Encryption Algorithm Advance Encryption Standard Differential Power Analysis Power Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    C. Batut, K. Belabas, D. Bernardi, H. Cohen, and M. Olivier. Pari/GP. Freely available at URL http://pari.math.u-bordeaux.fr
  2. 2.
    M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, 1993.Google Scholar
  3. 3.
    M. Bellare and P. Rogaway. The exact security of digital signatures. In Advances in Cryptology – EUROCRYPT ’96, LNCS vol. 1070, pp. 399–416. Springer, 1996.Google Scholar
  4. 4.
    D. Boneh, G. Durfee, and Y. Frankel. Exposing an RSA private key given a small fraction of its bits. In K. Ohta and D. Pei, editors, Advances in Cryptology – ASIACRYPT ’98, LNCS vol. 1514, pp. 25–34. Springer-Verlag, 1998.CrossRefGoogle Scholar
  5. 5.
    J.-F. Dhem, F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater, and J.-L. Willems. A practical implementation of the timing attack. In J. J. Quisquater and B. Schneier, editors, Smart Card Research and Applications (CARDIS ’98), LNCS, vol. 1820, pp. 167–182. Springer-Verlag, 2000.CrossRefGoogle Scholar
  6. 6.
    G. Hachez and J.-J. Quisquater. Montgomery exponentiation with no final subtractions: Improved results. In Ç. K. Koç and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2000, LNCS, vol. 1965, pp. 293–301. Springer-Verlag, 2000.CrossRefGoogle Scholar
  7. 7.
    P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In M. Wiener, editor, Advances in Cryptology – CRYPTO ’99, LNCS, vol. 1666, pp. 388–397. Springer-Verlag, 1999.Google Scholar
  8. 8.
    P. C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In N. Koblitz, editor, Advances in Cryptology – CRYPTO ’96, LNCS, vol. 1109, pp. 104–113. Springer-Verlag, 1996.Google Scholar
  9. 9.
    J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997. Online version available at URL http://www.cacr.math.uwaterloo.ca/hac/
  10. 10.
    P. L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 44(170):519–521, 1985.MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    National Bureau of Standards. Data encryption standard. Federal Information Processing Standards Publication 46, U.S. Department of Commerce, January 1977.Google Scholar
  12. 12.
    National Institute of Standards and Technology. Advanced Encryption Standard. Federal Information Processing Standards Publication 197, U.S. Department of Commerce, November 2001.Google Scholar
  13. 13.
    R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.MATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    C. D. Walter. Montgomery exponentiation needs no final subtractions. Electronics Letters, 35(21):1831–1832, 1999.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. 1.Thomson R&D FranceAmerica

Personalised recommendations