Differential fault analysis of secret key cryptosystems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1294)


Abstract

In September 1996 Boneh, Demillo, and Lipton from Bellcore announced a new type of cryptanalytic attack which exploits computational errors to find cryptographic keys. Their attack is based on algebraic properties of modular arithmetic, and thus it is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES).

In this paper, we describe a related attack, which we call Differential Fault Analysis, or DFA, and show that it is applicable to almost any secret key cryptosystem proposed so far in the open literature. Our DFA attack can use various fault models and various cryptanalytic techniques to recover the cryptographic secrets hidden in the tamper-resistant device. In particular, we have demonstrated that under the same hardware fault model used by the Bellcore researchers, we can extract the full DES key from a sealed tamper-resistant DES encryptor by analyzing between 50 and 200 ciphertexts generated from unknown but related plaintexts.

In the second part of the paper we develop techniques to identify the keys of completely unknown ciphers (such as Skipjack) sealed in tamper-resistant devices, and to reconstruct the complete specification of DES-like unknown ciphers.

In the last part of the paper, we consider a different fault model, based on permanent hardware faults, and show that it can be used to break DES by analyzing a small number of ciphertexts generated from completely unknown and unrelated plaintexts.
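The abstract describes two fault models, transient computational errors (the Bellcore model) and permanent hardware faults, and in both cases the leak is a ciphertext produced by a faulted computation. The following added example (not code from the paper; the 16-bit, 4-round toy Feistel cipher, its S-box, the key and the test vector are all constructed stand-ins for DES) shows the two countermeasures a device would need: verifying each ciphertext by decryption before releasing it, which withholds transient-fault outputs, and a known-answer self-test, which is what catches a permanent fault that the decrypt-and-compare check cannot see.

```python
# Constructed toy cipher and fault-detection wrappers; not DES and not secure.
from typing import Optional, Sequence, Tuple

# Sample 4-bit S-box (constructed; DES S1 row 0 reused as a stand-in).
SBOX = (0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7)

def round_fn(half: int, subkey: int, sbox: Sequence[int]) -> int:
    """Toy round function: key mixing followed by two 4-bit S-box lookups."""
    x = (half ^ subkey) & 0xFF
    return (sbox[x >> 4] << 4) | sbox[x & 0xF]

def feistel(block: int, subkeys: Sequence[int], sbox: Sequence[int] = SBOX,
            fault: Optional[Tuple[int, int]] = None) -> int:
    """4-round Feistel network on a 16-bit block.
    fault=(round, mask) simulates a transient fault that flips `mask` bits of the
    right half entering that round; a corrupted `sbox` simulates a permanent fault."""
    l, r = block >> 8, block & 0xFF
    for i, k in enumerate(subkeys):
        if fault is not None and fault[0] == i:
            r ^= fault[1]
        l, r = r, l ^ round_fn(r, k, sbox)
    return (r << 8) | l          # final swap: decryption is the same network

def encrypt(block, key, sbox=SBOX, fault=None) -> int:
    return feistel(block, key, sbox, fault)

def decrypt(block, key, sbox=SBOX) -> int:
    return feistel(block, key[::-1], sbox)      # reversed subkey order

def checked_encrypt(block, key, sbox=SBOX, fault=None) -> Optional[int]:
    """Transient-fault countermeasure: release a ciphertext only if decrypting it
    gives the plaintext back. Any flipped bit changes the ciphertext, so the
    faulty value is withheld and no correct/faulty pair ever leaves the device."""
    ct = encrypt(block, key, sbox, fault)
    return ct if decrypt(ct, key, sbox) == block else None

# Known-answer vector stored at provisioning with the fault-free implementation
# (constructed key and plaintext).
KAT_KEY, KAT_PT = (0x3A, 0x5C, 0x9F, 0x11), 0x1234
KAT_CT = encrypt(KAT_PT, KAT_KEY)

def self_test(sbox=SBOX) -> bool:
    """Permanent-fault countermeasure. A Feistel network is invertible for any
    round function, so a stuck S-box leaves encrypt and decrypt mutually
    consistent and checked_encrypt still releases the faulty ciphertext; only a
    comparison against a stored known answer detects the permanent fault."""
    return encrypt(KAT_PT, KAT_KEY, sbox) == KAT_CT

def stuck_at_zero(sbox: Sequence[int], bit: int) -> Tuple[int, ...]:
    """Constructed permanent fault: output `bit` of every S-box entry stuck at 0."""
    return tuple(v & ~(1 << bit) for v in sbox)
```

Running `checked_encrypt` with a transient fault returns `None`, whereas with a stuck S-box it returns a faulty ciphertext and only `self_test` reports the problem.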

References

  1. Ross Anderson, Markus Kuhn, Tamper Resistance — a Cautionary Note, proceedings of the Second Usenix Workshop on Electronic Commerce, pp. 1–11, November 1996.

  2. Ross Anderson, Markus Kuhn, Low Cost Attacks on Tamper Resistant Devices, proceedings of the 1997 Security Protocols Workshop, Paris, April 7–9, 1997.

  3. Eli Biham, New Types of Cryptanalytic Attacks Using Related Keys, Journal of Cryptology, Vol. 7, No. 4, pp. 229–246, 1994.

  4. Eli Biham, Adi Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.

  5. Dan Boneh, Richard A. Demillo, Richard J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT97, pp. 37–51, 1997.

  6. Lawrence Brown, Josef Pieprzyk, Jennifer Seberry, LOKI — A Cryptographic Primitive for Authentication and Secrecy Applications, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of AUSCRYPT90, pp. 229–236, 1990.

  7. John Kelsey, Bruce Schneier, David Wagner, Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'96, pp. 237–251, 1996.

  8. Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'96, pp. 104–113, 1996.

  9. Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT91, pp. 17–38, 1991.

  10. Susan K. Langford, Martin E. Hellman, Differential-linear cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'94, pp. 17–25, 1994.

  11. John Markoff, Potential Flaw Seen in Cash Card Security, New York Times, September 26, 1996.

  12. Mitsuru Matsui, Linear Cryptanalysis Method for DES Cipher, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'93, pp. 386–397, 1993.

  13. Ralph C. Merkle, Fast Software Encryption Functions, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'90, pp. 476–501, 1990.

  14. Shoji Miyaguchi, FEAL-N specifications, technical note, NTT, 1989.

  15. Shoji Miyaguchi, The FEAL cipher family, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'90, pp. 627–638, 1990.

  16. Shoji Miyaguchi, Akira Shiraishi, Akihiro Shimizu, Fast Data Encryption Algorithm FEAL-8, Review of electrical communications laboratories, Vol. 36, No. 4, pp. 433–437, 1988.

  17. National Bureau of Standards, Data Encryption Standard, U.S. Department of Commerce, FIPS pub. 46, January 1977.

  18. Bart Preneel, Marnix Nuttin, Vincent Rijmen, Johan Buelens, Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'93, pp. 212–223, 1993.

  19. Ronald L. Rivest, The RC5 Encryption Algorithm, proceedings of Fast Software Encryption, Leuven, Lecture Notes in Computer Science, pp. 86–96, 1994.

  20. Bruce Schneier, Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish), proceedings of Fast Software Encryption, Cambridge, Lecture Notes in Computer Science, pp. 191–204, 1993.

  21. Akihiro Shimizu, Shoji Miyaguchi, Fast Data Encryption Algorithm FEAL, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'87, pp. 267–278, 1987.


Author information

Authors and Affiliations

  1. Computer Science Department, Technion - Israel Institute of Technology, 32000, Haifa, Israel

    Eli Biham

  2. Applied Math. and Comp. Sci. Department, The Weizmann Institute of Science, 76100, Rehovot, Israel

    Adi Shamir


Editor information

Burton S. Kaliski Jr.


Copyright information

© 1997 Springer-Verlag

About this paper

Cite this paper

Biham, E., Shamir, A. (1997). Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (eds) Advances in Cryptology — CRYPTO '97. CRYPTO 1997. Lecture Notes in Computer Science, vol 1294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0052259
