• Title/Summary/Keyword: Key Bit-dependent Attack

Search Result 4, Processing Time 0.018 seconds

Key Bit-dependent Attack on Side-Channel Analysis-Resistant Hardware Binary Scalar Multiplication Algorithm using a Single-Trace (부채널 분석에 안전한 하드웨어 이진 스칼라 곱셈 알고리즘에 대한 단일 파형 비밀 키 비트 종속 공격)

  • Sim, Bo-Yeon;Kang, Junki;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1079-1087
    • /
    • 2018
  • Binary scalar multiplication which is the main operation of elliptic curve cryptography is vulnerable to the side-channel analysis. Especially, it is vulnerable to the side-channel analysis which uses power consumption and electromagnetic emission patterns. Thus, various countermeasures have been studied. However, they have focused on eliminating patterns of data dependent branches, statistical characteristic according to intermediate values, or the interrelationships between data. No countermeasure have been taken into account for the secure design of the key bit check phase, although the secret scalar bits are directly loaded during that phase. Therefore, in this paper, we demonstrate that we can extract secret scalar bits with 100% success rate using a single power or a single electromagnetic trace by performing key bit-dependent attack on hardware implementation of binary scalar multiplication algorithm. Experiments are focused on the $Montgomery-L{\acute{o}}pez-Dahab$ ladder algorithm protected by scalar randomization. Our attack does not require sophisticated pre-processing and can defeat existing countermeasures using a single-trace. As a result, we propose a countermeasure and suggest that it should be applied.

Related-Key Differential Attacks on CHESS-64

  • Luo, Wei;Guo, Jiansheng
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.8 no.9
    • /
    • pp.3266-3285
    • /
    • 2014
  • With limited computing and storage resources, many network applications of encryption algorithms require low power devices and fast computing components. CHESS-64 is designed by employing simple key scheduling and Data-Dependent operations (DDO) as main cryptographic components. Hardware performance for Field Programmable Gate Arrays (FPGA) and for Application Specific Integrated Circuits (ASIC) proves that CHESS-64 is a very flexible and powerful new cipher. In this paper, the security of CHESS-64 block cipher under related-key differential cryptanalysis is studied. Based on the differential properties of DDOs, we construct two types of related-key differential characteristics with one-bit difference in the master key. To recover 74 bits key, two key recovery algorithms are proposed based on the two types of related-key differential characteristics, and the corresponding data complexity is about $2^{42.9}$ chosen-plaintexts, computing complexity is about $2^{42.9}$ CHESS-64 encryptions, storage complexity is about $2^{26.6}$ bits of storage resources. To break the cipher, an exhaustive attack is implemented to recover the rest 54 bits key. These works demonstrate an effective and general way to attack DDO-based ciphers.

A Chosen Plaintext Linear Attack On Block Cipher Cipher CIKS-1 (CIKS-1 블록 암호에 대한 선택 평문 선형 공격)

  • 이창훈;홍득조;이성재;이상진;양형진;임종인
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.1
    • /
    • pp.47-57
    • /
    • 2003
  • In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC) and show that we can attack full-round CIKS-1 with \ulcorner56-bit key through the canonical extension of our attack. A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduling which consist in data dependent transformation of the round subkeys. Taking into accout the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p=3/4 for 16 parallel modulo $2^2$ additions to construct one-round linear approximation and derive one-round linear approximation with the probability P=1/2+$2^{-17}$ by Piling-up lemma. Then we present 3-round linear approximation with 1/2+$2^{-17}$ using this one-round approximation and attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion we present that our attack requires $2^{38}$chosen plaintexts with a probability of success of 99.9% and about $2^{67-7}$encryption times to recover the last round key.(But, for the full-round CIKS-1, our attack requires about $2^{166}$encryption times)

Video Watermarking Algorithm using the Frame-dependent Key (프레임에 기반한 키를 이용한 동영상 워터마킹)

  • 안일영;박성한
    • Journal of Broadcast Engineering
    • /
    • v.8 no.4
    • /
    • pp.501-504
    • /
    • 2003
  • In this out watermarking method, a key is determined by quantizing the maximum motion difference between frames. We have a problem the key value for embedding and detection are different in 1 to 3% frames of all frames. This problem can be easily solved by using a new key according to bit error rate of the extracted watermark. Since the watermark is embedded in each frame nth different keys and detected In all the frames, out method is resistant against attacks such as the frame averaging and frame drop.