How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers

DOI Web Site 被引用文献1件 参考文献37件
  • SHIMIZU Koichi
    Information Technology R&D Center, Mitsubishi Electric Corporation
  • MATSUMOTO Tsutomu
    Graduate School of Environmental and Information Sciences, Yokohama National University
  • SUZUKI Daisuke
    Information Technology R&D Center, Mitsubishi Electric Corporation Graduate School of Environmental and Information Sciences, Yokohama National University
  • SAEKI Minoru
    Information Technology R&D Center, Mitsubishi Electric Corporation

書誌事項

公開日
2011
DOI
  • 10.1587/transfun.e94.a.200
公開者
一般社団法人 電子情報通信学会

この論文をさがす

説明

In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers have separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called “self-templates” in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates enable to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks to an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.

収録刊行物

被引用文献 (1)*注記

もっと見る

参考文献 (37)*注記

もっと見る

キーワード

詳細情報 詳細情報について

問題の指摘

ページトップへ