Strength of two Data Encryption Standard implementations under timing attacks
We study the vulnerability of several implementations of the Data Encryption Standard (DES) cryptosystem under a timing attack. A timing attack is a method designed to break cryptographic systems that was recently proposed by Paul Kocher. It exploits the engineering aspects involved in the implementation of cryptosystems and might succeed even against cryptosystems that remain impervious to sophisticated cryptanalytic techniques. A timing attack is, essentially, a way of obtaining some user's private information by carefully measuring the time it takes the user to carry out cryptographic operations.
In this work we analyze two implementations of DES. We show that a timing attack yields the Hamming weight of the key used by both DES implementations. Moreover, the attack is computationally inexpensive. We also show that all the design characteristics of the target system, necessary to carry out the timing attack, can be inferred from timing measurements. To the best of our knowledge this work is the first one that shows that symmetric cryptosystems are vulnerable to timing attacks.
KeywordsTiming Attack Maximum Likelihood Estimator Smart Card Target System Blind Signature
Unable to display preview. Download preview PDF.
- 1.Data encryption standard (DES), 1977. National Bureau of Standards FIPS Publication 46.Google Scholar
- 3.E. Biham and A. Shamir. Differential cryptanalysis of the full 16-round DES. In E. F. Brickell, editor, Advances in Cryptology — CRYPTO'92, number 740 in Lecture Notes in Computer Science, pages 494–502, Santa Barbara, California, 1993. Springer-Verlag.Google Scholar
- 4.E. Biham and A. Shamir. Differential fault analysis of secret key cryptosystems. Technical Report CS0910, Technion, Computer Science Department, 1997.Google Scholar
- 5.D. Boneh, R. A. Demillo, and R. J. Lipton. On the importance of checking cryptographic protocols for faults. In Advances in Cryptology — EUROCRYPT'97, Lecture Notes in Computer Science, pages 37–51. Springer-Verlag, 1997.Google Scholar
- 6.D. Chaum. Blind signatures for untraceable payments. In D. Chaum, R. L. Rivest, and A. T. Sherman, editors, Advances in Cryptology — CRYPTO'82, pages 199–203, Santa Barbara, California, 1983. Plenum Press.Google Scholar
- 8.E. English and S. Hamilton. Network security under siege. The timing attack. Computer, 30(5), March 1996.Google Scholar
- 9.W. Feller. An introduction to probability theory and its applications, volume I & II. John Wiley & Sons, Inc., 1966. second printing.Google Scholar
- 10.J. S. A. Kapp. RSAEuro: A cryptographic toolkit, 1996. Version 1.04 Internet Release Distribution.Google Scholar
- 11.P. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In N. Koblitz, editor, Advances in Cryptology — CRYPTO'96, number 1109 in Lecture Notes in Computer Science, pages 104–113, Santa Barbara, California, 1996. Springer-Verlag.Google Scholar
- 12.A. Louko. DES package, 1992. Version 2.1, (available via FTP from kampi.hut.fi).Google Scholar
- 13.J. Markoff. Potential flaw seen in cash card security, September 26 1996. New York Times.Google Scholar
- 14.M. Matsui. The first experimental cryptanalysis of the data encryption standard. In Y. G. Desmedt, editor, Advances in Cryptology — CRYPTO'94, number 839 in Lecture Notes in Computer Science, pages 1–11, Santa Barbara, California, 1994. Springer-Verlag.Google Scholar
- 15.M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology — EUROCRYPT'93, number 765 in Lecture Notes in Computer Science, pages 386–897, Lofthus, Norway, 1994. Springer-Verlag.Google Scholar
- 16.A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, first edition, 1997.Google Scholar
- 18.S. Ross. A first course in probability. Macmillan Pub. Comp., third edition, 1988.Google Scholar
- 19.B. Schneier. Applied Cryptography: Protocols, algorithms and source code in C. John Wiley & Sons, Inc., second edition, 1996.Google Scholar
- 20.D. R. Stinson. Cryptography, Theory and Practice. CRC Press, first edition, 1995.Google Scholar
- 21.S. Zacks. The theory of statistical inference. John Wiley & Sons, Inc., 1971.Google Scholar