• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.727-738
• /
• 2015

Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.47 no.1
• /
• pp.139-149
• /
• 2010

Random scalar countermeasures, which carry out the scalar multiplication by the ephemeral secret key, against the differential power analysis of ECIES and ECDH have been known to be secure against various power analyses. However, if an attacker can find this ephemeral key from the one power signal, these countermeasures can be analyzed. In this paper, we propose a new power attack method which can do this analysis. Proposed attack method can be accomplished while an attacker compares the elliptic curve doubling operations and we use the principle component analysis in order to ease this comparison. When we have actually carried out the proposed power analysis, we can perfectly eliminate the error of existing function for the comparison and find a private key from this elimination of the error.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.3
• /
• pp.74-80
• /
• 2012

Recently at SCIS2011, Nakatsu et. al. proposed multi-round Correlation Power Analysis(CPA) on Hardware Advanced Encryption Standard(AES) to improve the performance of CPA with limited number of traces. In this paper, we propose, Multi-Round CPA to retrieve master key using CPA of 1round and 2round on Hardware DES. From the simulation result for the proposed attack method, we could extract 56-bit master key using the 300 power traces of Hardware DES in DPA contes. And it was proved that we can search more master key using multi-round CPA than using single round CPA in limited environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.803-807
• /
• 2018

The Fantomas and the Robin are the block ciphers included in the LS-designs, the family of block ciphers. They are designed to efficiently apply the masking technique, which is a side-channel analysis countermeasure technique, using L-boxes and S-boxes capable of bit slice implementation. In this paper, we show that the key recovery attacks of Fantomas and Robin through the related-key differential analysis are possible with $2^{56}$ and $2^{72}$ time complexity, $2^{56}$ and $2^{69}$ chosen plaintext respectively.

• ETRI Journal
• /
• v.32 no.1
• /
• pp.166-168
• /
• 2010

We investigate the possibility of using adiabatic logic as a countermeasure against differential power analysis (DPA) style attacks to make use of its energy efficiency. Like other dual-rail logics, adiabatic logic exhibits a current dependence on input data, which makes the system vulnerable to DPA. To resolve this issue, we propose a symmetric adiabatic logic in which the discharge paths are symmetric for data-independent parasitic capacitance, and the charges are shared between the output nodes and between the internal nodes, respectively, to prevent the circuit from depending on the previous input data.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.163-165
• /
• 2016

AES-128 블록 암호에 대해 상관관계 전력분석 공격을 통해 비밀키를 추출할 수 있는 보안공격 시스템의 프로토타입을 개발했다. Verilog HDL로 모델링된 AES-128 암호 코어의 RTL 시뮬레이션을 통해 switching activity 정보를 추출하고, 이를 PowerArtist 툴을 이용하여 순시 전력을 도출하였다. 추출된 순시 전력으로부터 출력 레지스터의 hamming Weight 모델링과 상관관계 분석을 통해 128 비트의 비밀키 중 일부를 획득하는 보안공격 시스템을 개발하였다.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.2
• /
• pp.117-126
• /
• 2011

RSA-CRT algorithm is widely used to improve the performance of RSA algorithm. However, it is also vulnerable to side channel attacks like as general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis which utilizes reduction steps of RSA-CRT algorithm with equidistant chosen messages, called as ECMPA(Equidistant Chosen Messages Power Analysis) or MRED(Modular Reduction on Equidistant Data) analysis. This method is to find reduction output value r=xmodp which has the same equidistant patterns as equidistant messages. One can easily compute secret prime p from exposure of r. However, the result of analysis from a reduction step in [5] is remarkably different in our experiment from what Boer expected in [5]. Especially, we found that there are Ghost key patterns depending on the selection of attack bits and selected reduction algorithms. Thus, in this paper we propose several Ghost key patterns unknown to us until now, then we suggest enhanced and detailed analyzing methods.

• Journal of the Korean Society of Fisheries and Ocean Technology
• /
• v.26 no.4
• /
• pp.333-340
• /
• 1990

The authors carried out a visiualizational model test by the hydrogen bubble method to examine the pattern of the fluid flow besides the simple camber type and plane type otter board in circulation water channel. The experimental conditions are velocity of flow 0.05 and 0.1m/sec, angle of attack 0$^{\circ}$~45$^{\circ}$(5$^{\circ}$step). The results obtained are as follows: 1. In the case of the simple camber type otter board located angle of attack 25$^{\circ}$, vortex at the leading edge was geneated at 1/2 of chord length. 2. Size of the vortex generated in the trailing edge was about 2~3 times larger then that of the leading edge. 3. In the case of the simple camber type otter board located angle of attack 30$^{\circ}$, separation of stream-line at leading edge was generated at 1/3 of chord length. 4. Nearest stream-line in the back side of the simple camber type otter board was bent in the direction of otter board when the angle of attack was 25$^{\circ}$ and 30$^{\circ}$, and in the case of plane type otter board was expanded outside of the flow direction. 6. Area separated of the simple camber type otter board at the angle of attack 30$^{\circ}$ was smaller then that of plane type otter board. 7. Flow speed in the back side of the simple camber type otter board was about 1.4 times faster then that in the front side, and in the case of the plane otter board about 1.2 times faster.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1001-1011
• /
• 2017

A lattice-based cryptography is known as one of the post-quantum cryptographies. Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerability. In 2016, Park et al. reported a SPA vulnerability of the public key cryptosystem, which is proposed by Roy et al., based on the ring-LWE problem. In 2015 and 2016, Reparaz et al. proposed DPA attack and countermeasures against Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for Lyubashevsky cryptosystem which does not use NTT. And then we propose a countermeasure against CCSPA(Chosen Ciphertext SPA) attack and we also show through experiment that our proposed countermeasure is secure.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.9B
• /
• pp.1369-1380
• /
• 2010

In this paper, we propose the efficient Second-Order Differential Power Analysis attack, which has ability to find significant information such as secret key in the devices consisting IT convergence environment such as Smartgrid, Advanced Metering Infrastructure(AMI) and ZigBee-based home networking service. This method helps to find the secret key easily at a device, even though it uses a countermeasure like masking which makes First-Order DPA attack harder. First, we present the performance results of our implementation which implements practical Second-Order DPA attack using the existing preprocessing function, and analyze it. Then we propose a stronger preprocessing function which overcomes countermeasures like masking. Finally, we analyze the results of the Second-Order CPA attack using proposed preprocessing function and verify that proposed scheme is very threatening to the security fields of IT convergence technology through the experimental results.