A Technique with an Information-Theoretic Basis for Protecting Secret Data from Differential Power Attacks
暂无分享,去创建一个
The classic "black-box" view of cryptographic devices such as smart cards has been invalidated by the advent of the technique of Differential Power Analysis (DPA) for observing intermediate variables during normal operation through side-channel observations. An information-theoretic approach leads to optimal DPA attacks and can provide an upper bound on the rate of information leakage, and thus provides a sound basis for evaluating countermeasures. This paper presents a novel technique of random affine mappings as a DPA countermeasure. The technique increases the number of intermediate variables that must be observed before gleaning any secret information and randomly varies these variables on every run. This is done without duplication of the processing of variables, allowing very efficient DPA resistant cipher implementations where the ciphers are designed to minimise overheads. A real-world system has been developed within the tight computational constraints of a smart card to exhibit first-order DPA-resistance for all key processing.
[1] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.
[2] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.
[3] Louis Goubin,et al. DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.
[4] Pankaj Rohatgi,et al. Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.