The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Dalam makalah ini kami mula-mula menunjukkan bahawa fungsi pemilihan yang berkesan dalam serangan analisis kuasa berubah bergantung pada seni bina litar sifir blok. Kami kemudian membuat kesimpulan bahawa seni bina yang paling tahan dengan sendirinya, dalam kes seni bina gelung, mempunyai dua daftar data mempunyai peranan yang berasingan: satu untuk menyimpan teks biasa dan teks sifir, dan satu lagi untuk menyimpan nilai perantaraan. Di sana, operasi pra-pemutihan diletakkan pada output daftar bekas. Seni bina membenarkan julat fungsi pemilihan yang paling sempit dan dengan itu mempunyai rintangan terhadap CPA biasa. Oleh itu, kita boleh bertahan dengan mudah daripada serangan CPA biasa di peringkat seni bina, sedangkan kita tidak boleh menentang DPA. Kedua, kami mencadangkan teknik baharu yang dipanggil "templat kendiri" untuk meningkatkan ketepatan penilaian serangan berasaskan DPA. Templat kendiri membolehkan untuk membezakan fungsi pemilihan yang bermakna untuk serangan berasaskan DPA tanpa sebarang andaian yang kukuh seperti dalam serangan templat. Kami juga membentangkan hasil serangan kepada pemproses bersama AES pada ASIC dan menunjukkan keberkesanan teknik yang dicadangkan.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Daisuke SUZUKI, Minoru SAEKI, Koichi SHIMIZU, Tsutomu MATSUMOTO, "How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 1, pp. 200-210, January 2011, doi: 10.1587/transfun.E94.A.200.
Abstract: In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers have separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates enable to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks to an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.200/_p
Salinan
@ARTICLE{e94-a_1_200,
author={Daisuke SUZUKI, Minoru SAEKI, Koichi SHIMIZU, Tsutomu MATSUMOTO, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers},
year={2011},
volume={E94-A},
number={1},
pages={200-210},
abstract={In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers have separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates enable to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks to an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.},
keywords={},
doi={10.1587/transfun.E94.A.200},
ISSN={1745-1337},
month={January},}
Salinan
TY - JOUR
TI - How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 200
EP - 210
AU - Daisuke SUZUKI
AU - Minoru SAEKI
AU - Koichi SHIMIZU
AU - Tsutomu MATSUMOTO
PY - 2011
DO - 10.1587/transfun.E94.A.200
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2011
AB - In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers have separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates enable to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks to an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.
ER -