Abstract
This paper explains that a mask reused vertically within the same round of a cryptographic algorithm is insecure. For three leakage positions in a masking scheme proposed by Oswald et al., two attacks are presented: second-order correlation power analysis (CPA) and a collision attack. Practical power analysis attacks are mounted on an AT89S52 single-chip microcontroller. In our experiments, second-order CPA needs 30000 power traces to recover the 128-bit key. The collision attack needs 10000 traces, but it requires some subsequent searches. Finally, we suggest that a mask can be reused across different rounds, but horizontal or vertical reuse within the same round should be avoided.
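Translated title of the contribution | Power analysis attacks on AES with vertically-reused masks |
---|---|
Original language | Traditional Chinese |
Pages (from-to) | 91-99 |
Number of pages | 9 |
Journal | Journal of Cryptologic Research |
Volume | 1 |
Issue | 1 |
DOI | |
Publication status | Published - 25 Feb 2014 |
Externally published | Yes |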
Keywords
- AES
- Collision attack
- Masking
- Power analysis attack