An Improved Power Analysis Attack Against Camellia's Key Schedule

This paper presents an improved simple power analysis attack against the key schedule of Camellia. While the original attack required an exact determination of the Hamming weight of intermediate data values based on power measurements, in this paper, two variants of the simple power analysis attack are presented and shown to be tolerant of errors that might occur in the Hamming weight determinations. In practical applications of the attack such errors are likely to occur due to noise and distortion in the power measurements and their mapping to the Hamming weights of the data. Further, we propose a practical method to evaluate the susceptibility of other block ciphers to simple power analysis attacks. To resist these attacks, the required design rationale of key schedules and several practical countermeasures are suggested.

[1]  Mitsuru Matsui,et al.  New Block Encryption Algorithm MISTY , 1997, FSE.

[2]  Bart Preneel,et al.  A Theoretical Evaluation of some NESSIE Candidates regarding their Susceptibility towards Power Analysis Attacks , 2002 .

[3]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[4]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[5]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[6]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[7]  Stefan Mangard,et al.  A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion , 2002, ICISC.

[8]  Sangwoo Park,et al.  On the Security of CAMELLIA against the Square Attack , 2002, FSE.

[9]  Taizo Shirai,et al.  Improved Upper Bounds of Differential and Linear Characteristic Probability for Camellia , 2002, FSE.

[10]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[11]  Vincent Rijmen,et al.  The KHAZAD Legacy-Level Block Cipher , 2001 .

[12]  Howard M. Heys,et al.  A simple power analysis attack against the key schedule of the Camellia block cipher , 2005, Inf. Process. Lett..