Abstract
We study the vulnerability of two implementations of the Data Encryption Standard (DES) cryptosystem to a timing attack. A timing attack is a method, recently proposed by Paul Kocher, for breaking cryptographic systems. It exploits the engineering aspects of a cryptosystem's implementation rather than its mathematical structure, and so may succeed even against cryptosystems that remain impervious to sophisticated cryptanalytic techniques. A timing attack is, essentially, a way of obtaining a user's private information by carefully measuring the time the user takes to carry out cryptographic operations. In this work we analyze two implementations of DES. We show that a timing attack yields the Hamming weight of the key used by both DES implementations, and that the attack is computationally inexpensive. We also show that all the design characteristics of the target system needed to carry out the timing attack can themselves be inferred from timing measurements.
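The leak the abstract describes can be modelled with a few lines of code. The following is an added example, not code from the paper or from the DES packages it studies; it assumes (hypothetically) that the key schedule copies key bits through a table-driven permutation with a branch taken only for set bits, so the work done grows with the Hamming weight of the 56 selected key bits. The attacker first calibrates the timing model on keys of known weight, which is the "infer the design characteristics from timing measurements" step, then averages noisy timings of the victim's key, inverts the fitted line to recover the weight, and computes how far that shrinks the key space. The DES PC-1 table is standard; the victim key, the noise model and the op-count "clock" are constructed for the example.

```python
"""Toy model of a key-schedule timing leak that reveals the DES key's Hamming weight.
Added illustration; the branch-per-set-bit permutation is an assumed leak model,
not the code of the implementations analysed in the paper."""
import random
from math import comb

# DES PC-1: selects the 56 key bits (numbered 1..64 from the MSB of the 64-bit key),
# dropping the parity bits 8, 16, ..., 64.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2,
       59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39,
       31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37,
       29, 21, 13, 5, 28, 20, 12, 4]


def bit(key, pos):
    """DES bit numbering: bit 1 is the most significant bit of the 64-bit key."""
    return (key >> (64 - pos)) & 1


def permute_leaky(key, table, cost):
    """Assumed leaky pattern: a branch per table entry, with extra work for each
    set bit, so cost['ops'] == len(table) + HammingWeight(selected key bits)."""
    out = 0
    for i, src in enumerate(table):
        cost["ops"] += 1                      # loop body, always executed
        if bit(key, src):
            out |= 1 << (len(table) - 1 - i)
            cost["ops"] += 1                  # executed only for set key bits
    return out


def permute_ct(key, table, cost):
    """Data-independent variant: identical output, work does not depend on the key."""
    out = 0
    for i, src in enumerate(table):
        cost["ops"] += 2                      # fixed cost per table entry
        out |= bit(key, src) << (len(table) - 1 - i)
    return out


def hamming_weight56(key):
    """Weight of the 56 key bits that PC-1 keeps (parity bits excluded)."""
    return bin(permute_ct(key, PC1, {"ops": 0})).count("1")


def timing_oracle(key, rng, noise_sd=2.0):
    """Victim-side 'timing' of one key schedule: op count plus Gaussian jitter
    (constructed noise model standing in for measurement error)."""
    cost = {"ops": 0}
    permute_leaky(key, PC1, cost)
    return cost["ops"] + rng.gauss(0.0, noise_sd)


def calibrate(rng, samples=1000):
    """Attacker fits time = base + slope * weight using two keys of known
    weight (0 and 56 selected bits), learning the model from timings alone."""
    t0 = sum(timing_oracle(0x0, rng) for _ in range(samples)) / samples
    t1 = sum(timing_oracle(0xFFFFFFFFFFFFFFFF, rng) for _ in range(samples)) / samples
    return t0, (t1 - t0) / 56


def recover_weight(key, rng, base, slope, samples=1000):
    """Average many noisy timings of the victim's key and invert the fitted line."""
    mean = sum(timing_oracle(key, rng) for _ in range(samples)) / samples
    return round((mean - base) / slope)


def reduced_keyspace(w):
    """Candidate 56-bit keys left once the attacker knows the Hamming weight w."""
    return comb(56, w)


if __name__ == "__main__":
    rng = random.Random(1)
    victim = 0x133457799BBCDFF1                # constructed key, not from the page
    base, slope = calibrate(rng)
    w = recover_weight(victim, rng, base, slope)
    print(f"recovered weight {w}, true weight {hamming_weight56(victim)}")
    print(f"candidates left {reduced_keyspace(w):.3e} vs 2^56 = {2**56:.3e}")
```

Even in the worst case for the attacker (w = 28) the candidate set shrinks from 2^56 to C(56, 28), roughly a ninefold reduction, and for keys far from balanced it shrinks much more; the constant-time permutation removes the dependence entirely, which is the check to apply to any table-driven bit permutation in a key schedule.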
- 1 BIHAM, E. AND SHAMIR, A. 1991. Differential cryptanalysis of DES-like cryptosystems. J. Cryptology 4, 1, 3-72.
- 2 BIHAM, E. AND SHAMIR, A. 1993. Differential cryptanalysis of the full 16-round DES. In Proceedings of the Conference on Advances in Cryptology (CRYPTO'92, Santa Barbara, CA), E. F. Brickell, Ed. Springer-Verlag, New York, 494-502.
- 3 BIHAM, E. AND SHAMIR, A. 1997. Differential fault analysis of secret key cryptosystems. CS0910. Electrical Engineering Department, Technion: Israel Institute of Technology, Haifa, Israel.
- 4 BONEH, D., DEMILLO, R. A., AND LIPTON, R. J. 1997. On the importance of checking cryptographic protocols for faults. In Proceedings of the Conference on Advances in Cryptology (EUROCRYPT'97), W. Fumy, Ed. Springer-Verlag, New York, 37-51.
- 5 CHAUM, D. 1983. Blind signatures for untraceable payments. In Proceedings of the Conference on Advances in Cryptology (CRYPTO'82, Santa Barbara, CA), D. Chaum, R. L. Rivest, and A. T. Sherman, Eds. Plenum Press, New York, NY, 199-203.
- 6 DHEM, J.-F., KOEUNE, F., LEROUX, P.-A., MESTRÉ, P., QUISQUATER, J.-J., AND WILLEMS, J.-L. 1998. A practical implementation of the timing attack. In Proceedings of the Symposium on Smart Card Research and Advanced Applications (CARDIS'98), J.-J. Quisquater and B. Schneider, Eds. Springer-Verlag, New York.
- 7 DIFFIE, W. AND HELLMAN, M. E. 1976. New directions in cryptography. IEEE Trans. Inf. Theor. 22, 6 (Nov.), 644-654.
- 8 ENGLISH, E. AND HAMILTON, S. 1996. Network security under siege: the timing attack. IEEE Computer 29, 3, 95-97.
- 9 FELLER, W. 1966. An Introduction to Probability Theory and its Applications. 2nd ed. John Wiley & Sons, Inc., New York, NY.
- 10 HANDSCHUH, H. 1998. A timing attack on RC5. In Proceedings of the Workshop on Selected Areas of Cryptography (SAC'98, Aug.), S. Tavares and H. Meijer, Eds. Springer-Verlag, New York, NY.
- 11 HAZEWINKEL, M., Ed. 1988. Encyclopedia of Mathematics: An updated and annotated translation of the Soviet "Mathematical Encyclopaedia". Encyclopedia of Mathematics, vol. 1. Kluwer Academic Publishers, Hingham, MA.
- 12 HEIDENSTROM, K. 1995. FAQ/application notes: Timing on the PC family under DOS. ftp://garbo.uwasa.fi/pc/programming/pctim003.zip.
- 13 HEYS, H. M. 1998. A timing attack on RC5. In Proceedings of the Workshop on Selected Areas of Cryptography (SAC'98, Aug.), S. Tavares and H. Meijer, Eds. Springer-Verlag, New York, NY.
- 14 HOGG, R. AND TANIS, E. 1997. Probability and Statistical Inference. 5th ed. Prentice-Hall, New York, NY.
- 15 KAPP, J. S. A. 1996. RSAEuro: A cryptographic toolkit. Ver. 1.04. Internet release distribution.
- 16 KOCHER, P. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Conference on Advances in Cryptology (CRYPTO'96, Santa Barbara, CA), N. Koblitz, Ed. Springer-Verlag, New York, 104-113.
- 17 LOUKO, A. 1992. DES package. Helsinki Univ. Tech., Helsinki, Finland. ftp://kampi.hut.fi.
- 18 MARKOFF, J. 1996. Potential flaw seen in cash card security. The New York Times.
- 19 MATSUI, M. 1994. The first experimental cryptanalysis of the data encryption standard. In Proceedings of the Conference on Advances in Cryptology (CRYPTO'94, Santa Barbara, CA), Y. G. Desmedt, Ed. Springer-Verlag, New York, 1-11.
- 20 MATSUI, M. 1994. Linear cryptanalysis method for DES cipher. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques, Advances in Cryptology (EUROCRYPT'93, Lofthus, Norway, May 23-27), T. Helleseth, Ed. Lecture Notes in Computer Science, Springer-Verlag, Secaucus, NJ, 386-397.
- 21 MENEZES, A. J., VAN OORSCHOT, P. C., AND VANSTONE, S. A. 1997. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL.
- NBS 1977. NBS FIPS PUB 46, Data Encryption Standard. U.S. Department of Commerce.
- 22 RIVEST, R., SHAMIR, A., AND ADLEMAN, L. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (Feb.), 120-126.
- 23 ROSS, S. 1988. A First Course in Probability. 3rd ed. Macmillan Publishing Co., Inc., Indianapolis, IN.
- 24 SCHNEIER, B. 1995. Applied Cryptography: Protocols, Algorithms, and Source Code in C. 2nd ed. John Wiley & Sons, Inc., New York, NY.
- 25 STINSON, D. R. 1995. Cryptography: Theory and Practice. 1st ed. CRC Press, Inc., Boca Raton, FL.
- 26 ZACKS, S. 1971. The Theory of Statistical Inference. John Wiley & Sons, Inc., New York, NY.
Index Terms
- Strength of two data encryption standard implementations under timing attacks