Konferenzbeitrag
Collision attacks on processors with cache and countermeasures
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Zusatzinformation
Datum
2005
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Implementing cryptographic algorithms is a difficult problem since additional secret information can be recovered from some physical characteristics of a cryptographic device. Among all side-channel attacks, collision attacks and cache attacks are the most recent ones. The first technique uses side-channel information to detect internal collisions related to the algorithm. The second one exploits timing or power consumptions related to the memory accesses. This paper presents a new attack on the first round of AES based on power analysis, which combines both collision attacks and cache attacks. It provides many linear relations between the secret key bits from the encryption of a few chosen plaintexts. For instance, for a classical implementation using 4 lookup tables on a processor with 64-byte cache blocks, 48 linear relations involving half of the key bits are derived. Some countermeasures which defeat such attacks are also presented.