Strength of two Data Encryption Standard implementations under timing attacks

  • Alejandro Hevia
  • Marcos Kiwi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1380)


We study the vulnerability of several implementations of the Data Encryption Standard (DES) cryptosystem under a timing attack. A timing attack, recently proposed by Paul Kocher, is a method for breaking cryptographic systems. It exploits the engineering aspects involved in the implementation of cryptosystems and might succeed even against cryptosystems that remain impervious to sophisticated cryptanalytic techniques. A timing attack is, essentially, a way of obtaining some user's private information by carefully measuring the time it takes the user to carry out cryptographic operations.

In this work we analyze two implementations of DES. We show that a timing attack yields the Hamming weight of the key used by both DES implementations. Moreover, the attack is computationally inexpensive. We also show that all the design characteristics of the target system, necessary to carry out the timing attack, can be inferred from timing measurements. To the best of our knowledge this work is the first one that shows that symmetric cryptosystems are vulnerable to timing attacks.
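The abstract states the result but not the mechanism, so the following is an added illustration, not code from the paper or from either DES package it analyses. It models the kind of leak a DES key schedule can have (extra work done only for set key bits, so running time tracks the Hamming weight of the key), shows the same permutation written without a key-dependent branch, and runs the check a defender would use to tell the two apart. Assumptions: the `cost` counter is a constructed stand-in for wall-clock time so the example is deterministic and runs offline; the Gaussian noise and the sample counts are constructed; the PC-1 table is the real one from FIPS 46; the test key and its PC-1 output are the standard worked DES example values.

```python
"""Hamming-weight timing leak in a DES-style key-schedule step (added example).

'pc1_branchy' models a loop that does extra work only for set key bits; its
operation count therefore grows linearly with the Hamming weight of the 56
effective key bits. 'pc1_constant_time' computes the same permutation with a
key-independent operation count. 'leak_score' is the defender's check: the
correlation between key weight and (noisy) cost, near 1 for the leaky version
and near 0 for the fixed one.
"""
import random

# PC-1 permutation of the 64-bit DES key (FIPS 46), 1-indexed bit positions.
# The eight parity bits (8, 16, ..., 64) are dropped, leaving 56 bits.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2,
       59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39,
       31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37,
       29, 21, 13, 5, 28, 20, 12, 4]


def key_bit(key: int, pos: int) -> int:
    """Bit at 1-indexed position 'pos' of a 64-bit key (bit 1 = most significant)."""
    return (key >> (64 - pos)) & 1


def pc1_branchy(key: int):
    """Leaky variant: the output bit is written only when the key bit is 1.

    Returns (56-bit permuted key, cost). 'cost' is a constructed stand-in for
    time: 1 unit per loop iteration plus 3 units for every set bit, so
    cost = 56 + 3 * HammingWeight(effective key bits).
    """
    out, cost = 0, 0
    for i, pos in enumerate(PC1):
        cost += 1                      # loop overhead, key-independent
        if key_bit(key, pos):          # key-dependent branch ...
            out |= 1 << (55 - i)
            cost += 3                  # ... whose extra work leaks the weight
    return out, cost


def pc1_constant_time(key: int):
    """Same permutation with no key-dependent branch.

    The bit is masked in unconditionally, so the cost is 4 units per
    iteration regardless of the key value.
    """
    out, cost = 0, 0
    for i, pos in enumerate(PC1):
        out |= key_bit(key, pos) << (55 - i)   # always executed
        cost += 4
    return out, cost


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5


def leak_score(impl, samples: int = 2000, noise_sd: float = 3.0, seed: int = 1) -> float:
    """Correlation between key Hamming weight and measured cost for 'impl'.

    Random keys are drawn from a seeded generator and constructed Gaussian
    noise is added to each cost to stand in for measurement jitter.
    """
    rng = random.Random(seed)
    weights, timings = [], []
    for _ in range(samples):
        key = rng.getrandbits(64)
        out, cost = impl(key)
        weights.append(bin(out).count("1"))        # weight of the 56 effective bits
        timings.append(cost + rng.gauss(0.0, noise_sd))
    return pearson(weights, timings)


if __name__ == "__main__":
    # Standard worked DES example key; both variants must agree on the permutation.
    k = 0x133457799BBCDFF1
    assert pc1_branchy(k)[0] == pc1_constant_time(k)[0] == 0xF0CCAAF556678F
    print("branchy       leak score:", round(leak_score(pc1_branchy), 3))
    print("constant-time leak score:", round(leak_score(pc1_constant_time), 3))
```

The check deliberately uses a statistic rather than a single measurement: with the constructed noise, individual timings of the leaky variant overlap across neighbouring weights, yet the correlation over a few thousand samples is close to 1, which is the same reason the paper's attack is described as computationally inexpensive. The fix removes the data-dependent branch; in a real implementation one would also confirm that the compiler has not reintroduced one.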


Keywords (added by machine, not by the authors): Timing Attack; Maximum Likelihood Estimator; Smart Card; Target System; Blind Signature





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Alejandro Hevia: Dept. de Ciencias de la Computación, Facultad de Ciencias Físicas y Matemáticas, U. de Chile, Chile
  • Marcos Kiwi: Dept. de Ingeniería Matemática, Facultad de Ciencias Físicas y Matemáticas, U. de Chile, Chile
