对一种纵向重用型 AES 掩码的能量分析攻击

An Wang; Yan Yan Yu; Man Chen; Xiao Mei Wang; Guo Shuang Zhang

doi:10.13868/j.cnki.jcr.000009

对一种纵向重用型 AES 掩码的能量分析攻击

Translated title of the contribution: Power analysis attacks on AES with vertically-reused masks

An Wang^*, Yan Yan Yu, Man Chen, Xiao Mei Wang, Guo Shuang Zhang

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

This paper aims to explain that mask reused vertically in a same round of cryptographic algorithm is insecure. For three leakage positions of a masking scheme proposed by Oswald et al., two attacks, second-order correlation power analysis and collision attack, are presented. Based on AT89S52 singlechip, practical power analysis attacks are mounted. According to our experiments, 30000 power traces are needed for recovering the 128-bit key in second-order CPA. Collision attack costs 10000 traces, but it needs some subsequent searches. Finally, we suggest that mask can be reused among different rounds, but horizontal or vertical usage in a same round should be avoided.

Translated title of the contribution	Power analysis attacks on AES with vertically-reused masks
Original language	Chinese (Traditional)
Pages (from-to)	91-99
Number of pages	9
Journal	Journal of Cryptologic Research
Volume	1
Issue number	1
DOIs	https://doi.org/10.13868/j.cnki.jcr.000009
Publication status	Published - 25 Feb 2014
Externally published	Yes

Access to Document

10.13868/j.cnki.jcr.000009

Cite this

@article{3b9f1cbda6cd4f3785f45aff3a1ba541,

title = "对一种纵向重用型 AES 掩码的能量分析攻击",

abstract = "This paper aims to explain that mask reused vertically in a same round of cryptographic algorithm is insecure. For three leakage positions of a masking scheme proposed by Oswald et al., two attacks, second-order correlation power analysis and collision attack, are presented. Based on AT89S52 singlechip, practical power analysis attacks are mounted. According to our experiments, 30000 power traces are needed for recovering the 128-bit key in second-order CPA. Collision attack costs 10000 traces, but it needs some subsequent searches. Finally, we suggest that mask can be reused among different rounds, but horizontal or vertical usage in a same round should be avoided.",

keywords = "AES, Collision attack, Masking, Power analysis attack",

author = "An Wang and Yu, {Yan Yan} and Man Chen and Wang, {Xiao Mei} and Zhang, {Guo Shuang}",

year = "2014",

month = feb,

day = "25",

doi = "10.13868/j.cnki.jcr.000009",

language = "繁体中文",

volume = "1",

pages = "91--99",

journal = "Journal of Cryptologic Research",

issn = "2095-7025",

publisher = "Chinese Association for Cryptologic Research",

number = "1",

}

TY - JOUR

T1 - 对一种纵向重用型 AES 掩码的能量分析攻击

AU - Wang, An

AU - Yu, Yan Yan

AU - Chen, Man

AU - Wang, Xiao Mei

AU - Zhang, Guo Shuang

PY - 2014/2/25

Y1 - 2014/2/25

N2 - This paper aims to explain that mask reused vertically in a same round of cryptographic algorithm is insecure. For three leakage positions of a masking scheme proposed by Oswald et al., two attacks, second-order correlation power analysis and collision attack, are presented. Based on AT89S52 singlechip, practical power analysis attacks are mounted. According to our experiments, 30000 power traces are needed for recovering the 128-bit key in second-order CPA. Collision attack costs 10000 traces, but it needs some subsequent searches. Finally, we suggest that mask can be reused among different rounds, but horizontal or vertical usage in a same round should be avoided.

AB - This paper aims to explain that mask reused vertically in a same round of cryptographic algorithm is insecure. For three leakage positions of a masking scheme proposed by Oswald et al., two attacks, second-order correlation power analysis and collision attack, are presented. Based on AT89S52 singlechip, practical power analysis attacks are mounted. According to our experiments, 30000 power traces are needed for recovering the 128-bit key in second-order CPA. Collision attack costs 10000 traces, but it needs some subsequent searches. Finally, we suggest that mask can be reused among different rounds, but horizontal or vertical usage in a same round should be avoided.

KW - AES

KW - Collision attack

KW - Masking

KW - Power analysis attack

UR - http://www.scopus.com/inward/record.url?scp=85059149808&partnerID=8YFLogxK

U2 - 10.13868/j.cnki.jcr.000009

DO - 10.13868/j.cnki.jcr.000009

M3 - 文章

AN - SCOPUS:85059149808

SN - 2095-7025

VL - 1

SP - 91

EP - 99

JO - Journal of Cryptologic Research

JF - Journal of Cryptologic Research

IS - 1

ER -

对一种纵向重用型 AES 掩码的能量分析攻击

Abstract

Access to Document

Other files and links

Fingerprint

Cite this