Introduction to differential power analysis

The power consumed by a circuit varies according to the activity of its individual transistors and other components. As a result, measurements of the power used by actual computers or microchips contain information about the operations being performed and the data being processed. Cryptographic designs have traditionally assumed that secrets are manipulated in environments that expose no information beyond the specified inputs and outputs. This paper examines how information leaked through power consumption and other side channels can be analyzed to extract secret keys from a wide range of devices. The attacks are practical, non-invasive, and highly effective—even against complex and noisy systems where cryptographic computations account for only a small fraction of the overall power consumption. We also introduce approaches for preventing DPA attacks and for building cryptosystems that remain secure even when implemented in hardware that leaks.
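As an added illustration (not code from the paper), the following Python simulates the leakage the abstract describes and the kind of analysis that exploits it: each trace is the Hamming weight of a 4-bit S-box output plus Gaussian noise, a correlation-based variant of DPA ranks the 16 key guesses, and the same analysis run on traces from a Boolean-masked lookup shows why masking is a first-order countermeasure. The S-box (PRESENT's), the leakage model, the noise level, the key and the seed are constructed assumptions, and the correlation distinguisher stands in for the paper's single-bit difference of means.

```python
"""Toy simulation of first-order power analysis on one S-box lookup and of why
Boolean masking defeats it. Constructed illustration; not the paper's code."""
import math
import random

# PRESENT's 4-bit S-box, used only as a small nonlinear lookup (constructed choice).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hw(v):
    return bin(v).count("1")

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy)

def simulate_traces(key, n, sigma, masked, seed=1):
    """Return (plaintexts, samples): one sample per trace modelling the power
    drawn when the S-box output is written, i.e. its Hamming weight plus noise.
    masked=True writes S(p^k) XOR m for a fresh mask m (m leaks elsewhere)."""
    rng = random.Random(seed)
    pts, samples = [], []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]
        if masked:
            v ^= rng.randrange(16)
        pts.append(p)
        samples.append(hw(v) + rng.gauss(0.0, sigma))
    return pts, samples

def correlation_dpa(pts, samples):
    """Per key guess: predict each trace's leakage (HW of the hypothesised S-box
    output) and correlate it with the measurements; signed, as the model's sign is known."""
    return [pearson([hw(SBOX[p ^ g]) for p in pts], samples) for g in range(16)]

def recover_key(pts, samples):
    """Return (best guess, its correlation); the guess is right only if the leak is real."""
    scores = correlation_dpa(pts, samples)
    best = max(range(16), key=lambda g: scores[g])
    return best, scores[best]

if __name__ == "__main__":
    KEY = 0xA  # constructed secret nibble
    print("unprotected:", recover_key(*simulate_traces(KEY, 1000, 1.0, False)))
    print("masked:     ", recover_key(*simulate_traces(KEY, 1000, 1.0, True)))
```

With the unprotected traces the true key is ranked first with a correlation near 1/sqrt(1 + sigma^2); with masking every guess scores close to zero, because a single sample of a freshly masked value is statistically independent of the secret.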
