Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers

ME Oswald; S Mangard; C Herbst; S Tillich

Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers

ME Oswald, S Mangard, C Herbst, S Tillich

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

148 Citations (Scopus)

Abstract

In this article we describe an improved concept for second order differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount second order DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess the number of traces that are needed for a successful attack. We give evidence on the effectiveness of our methodology by showing practical attacks on a masked AES smart card implementation. In these attacks we target inputs and outputs of the SubBytes operation in the first encryption round.

Translated title of the contribution	Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers
Original language	English
Title of host publication	RSA Conference 2006, Cryptographers' Track
Editors	D. Pointcheval
Publisher	Springer
Pages	192 - 207
Volume	3860
Publication status	Published - 2006

Bibliographical note

Conference Organiser: RSA

Handle.net

Persistent link

Cite this

@inproceedings{20cd3d7df537480183f7a7fb3ec7d89d,

title = "Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers",

abstract = "In this article we describe an improved concept for second order differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount second order DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess the number of traces that are needed for a successful attack. We give evidence on the effectiveness of our methodology by showing practical attacks on a masked AES smart card implementation. In these attacks we target inputs and outputs of the SubBytes operation in the first encryption round.",

author = "ME Oswald and S Mangard and C Herbst and S Tillich",

note = "Conference Organiser: RSA",

year = "2006",

language = "English",

volume = "3860",

pages = "192 -- 207",

editor = "D. Pointcheval",

booktitle = "RSA Conference 2006, Cryptographers' Track",

publisher = "Springer",

address = "United States",

}

TY - GEN

T1 - Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers

AU - Oswald, ME

AU - Mangard, S

AU - Herbst, C

AU - Tillich, S

N1 - Conference Organiser: RSA

PY - 2006

Y1 - 2006

N2 - In this article we describe an improved concept for second order differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount second order DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess the number of traces that are needed for a successful attack. We give evidence on the effectiveness of our methodology by showing practical attacks on a masked AES smart card implementation. In these attacks we target inputs and outputs of the SubBytes operation in the first encryption round.

AB - In this article we describe an improved concept for second order differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount second order DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess the number of traces that are needed for a successful attack. We give evidence on the effectiveness of our methodology by showing practical attacks on a masked AES smart card implementation. In these attacks we target inputs and outputs of the SubBytes operation in the first encryption round.

M3 - Conference Contribution (Conference Proceeding)

VL - 3860

SP - 192

EP - 207

BT - RSA Conference 2006, Cryptographers' Track

A2 - Pointcheval, D.

PB - Springer

ER -

Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers

Abstract

Bibliographical note

Handle.net

Fingerprint

Cite this