In this paper, we first demonstrate that effective selection functions in power analysis attacks change depending on the circuit architecture of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers with separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. This architecture allows the narrowest range of selection functions and thereby resists ordinary CPA. Thus, we can easily defend against ordinary CPA attacks at the architectural level, whereas we cannot against DPA. Second, we propose a new technique called "self-templates" to raise the accuracy of evaluation of DPA-based attacks. Self-templates make it possible to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks on an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Daisuke SUZUKI, Minoru SAEKI, Koichi SHIMIZU, Tsutomu MATSUMOTO, "How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 1, pp. 200-210, January 2011, doi: 10.1587/transfun.E94.A.200.
Abstract: In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers with separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates make it possible to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks on an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.200/_p
@ARTICLE{e94-a_1_200,
author={Daisuke SUZUKI and Minoru SAEKI and Koichi SHIMIZU and Tsutomu MATSUMOTO},
journal={IEICE TRANSACTIONS on Fundamentals},
title={How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers},
year={2011},
volume={E94-A},
number={1},
pages={200-210},
abstract={In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers with separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates make it possible to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks on an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.},
keywords={},
doi={10.1587/transfun.E94.A.200},
ISSN={1745-1337},
month={January},}
TY - JOUR
TI - How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 200
EP - 210
AU - Daisuke SUZUKI
AU - Minoru SAEKI
AU - Koichi SHIMIZU
AU - Tsutomu MATSUMOTO
PY - 2011
DO - 10.1587/transfun.E94.A.200
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2011
AB - In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers with separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates make it possible to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks on an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.
ER -