Differential Power Analysis of CAST-128

K. Boey, Yingxi Lu, Máire O’Neill, Roger Francis Woods
DOI: 10.1109/ISVLSI.2010.14
Published in: 2010 IEEE Computer Society Annual Symposium on VLSI
Publication date: 2010-07-05
Citations: 26

Abstract

Differential Power Analysis of CAST-128
Power analysis is used to reveal the secret key of security devices by monitoring the power consumption of certain cryptographic algorithm operations through a statistical analysis approach known as Differential Power Analysis (DPA). Whilst this has been applied extensively to attacks on FPGA devices, there has been little research into attacks on ASIC devices. Although standard DPAs are essentially independent of the block cipher that they target, some ciphers are less susceptible than others due to the algorithm's structure, and are therefore more difficult to attack; CAST-128 is one such cipher. In this paper, we outline the first reported power analysis attack on CAST-128. It falls into the category just outlined, it is the only algorithm that has not been practically broken on either FPGA or ASIC, and it is also a common block cipher used in Canada. The paper outlines an approach that reveals all 128 bits of the secret key within 300,500 power traces, highlighting insights on attacking the registers rather than the Sbox. Finally, the effect of applying the Hamming weight power model to different widths of the target register under attack in an ASIC device is evaluated.