Blind Differential Cryptanalysis for Enhanced Power Attacks

  • Helena Handschuh
  • Bart Preneel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)


At FSE 2003 and 2004, Akkar and Goubin presented several masking methods to protect iterated block ciphers such as DES against Differential Power Analysis and higher-order variations thereof. The underlying idea is to randomize the first few and last few rounds of the cipher with independent masks at each round until all intermediate values depend on a large number of secret key bits, thereby disabling power attacks on subsequent inner rounds. We show how to combine differential cryptanalysis applied to the first few rounds of the cipher with power attacks to extract the secret key from intermediate unmasked (unknown) values, even when these already depend on all secret key bits. We thus invalidate the widely believed claim that it is sufficient to protect the outer rounds of an iterated block cipher against side-channel attacks.


differential cryptanalysis power analysis side channel attacks Hamming weights combined cryptanalysis blind cryptanalysis 


  1. 1.
    Akkar, M.-L., Bevan, R., Dischamp, P., Moyart, D.: Power Analysis, What Is Now Possible..... In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489–502. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Akkar, M.-L., Bevan, R., Goubin, L.: Two Power Analysis Attacks against One-Mask Methods. In: Roy, B.K., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 332–347. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Akkar, M.-L., Goubin, L.: A Generic Protection against High-Order Differential Power Analysis. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 192–205. Springer, Heidelberg (2003)Google Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. J. Cryptology 4(1), 3–72 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Koç, Ç.K., Naccache, D., Paar, C. (eds.): CHES 2001. LNCS, vol. 2162. Springer, Heidelberg (2001)zbMATHGoogle Scholar
  6. 6.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener [24], pp. 398–412Google Scholar
  7. 7.
    Goubin, L., Patarin, J.: DES and Differential Power Analysis (The “Duplication” Method). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Joye, M., Quisquater, J.-J. (eds.): CHES 2004. LNCS, vol. 3156. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  9. 9.
    Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.): CHES 2002. LNCS, vol. 2523. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener [24], pp. 388–397Google Scholar
  11. 11.
    Kunz-Jacques, S., Muller, F., Valette, F.: The Davies-Murphy Power Attack. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 451–467. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Ledig, H., Muller, F., Valette, F.: Enhancing collision attacks. In: Joye and Quisquater [8], pp. 176–190Google Scholar
  13. 13.
    Messerges, T.S.: Securing the AES Finalists Against Power Analysis Attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Messerges, T.S.: Using Second-Order Power Analysis to Attack DPA Resistant Software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  15. 15.
    National Institute of Standards and Technology (NIST) FIPS Publication 46-3: Data Encryption Standard (1999)Google Scholar
  16. 16.
    National Institute of Standards and Technology (NIST). FIPS Publication 197: Advanced Encryption Standard (AES) (2001)Google Scholar
  17. 17.
    Ohta, K., Matsui, M.: Differential Attack on Message Authentication Codes. In: Stinson [22], pp. 200–211Google Scholar
  18. 18.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Preneel, B., Nuttin, M., Rijmen, V., Buelens, J.: Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds. In: Stinson [22], pp. 212–223Google Scholar
  20. 20.
    Rao, J.R., Sunar, B. (eds.): CHES 2005. LNCS, vol. 3659. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  21. 21.
    Schramm, K., Leander, G., Felke, P., Paar, C.: A Collision-Attack on AES: Combining Side Channel- and Differential-Attack. In: Joye and Quisquater [8], pp. 163–175Google Scholar
  22. 22.
    Stinson, D.R. (ed.): CRYPTO 1993. LNCS, vol. 773. Springer, Heidelberg (1994)zbMATHGoogle Scholar
  23. 23.
    Walter, C.D., Koç, Ç.K., Paar, C. (eds.): CHES 2003. LNCS, vol. 2779. Springer, Heidelberg (2003)zbMATHGoogle Scholar
  24. 24.
    Wiener, M.J. (ed.): CRYPTO 1999. LNCS, vol. 1666. Springer, Heidelberg (1999)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Helena Handschuh
    • 1
  • Bart Preneel
    • 2
  1. 1.Spansion, 7 Avenue Georges Pompidou, 92593 Levallois-Perret CedexFrance
  2. 2.Katholieke Universiteit Leuven, Dept. Electrical Engineering-ESAT/COSIC, Kasteelpark Arenberg 10, B-3001 Leuven-HeverleeBelgium

Personalised recommendations