ECE 5930
correlational attack:
given plaintext and ciphertext, find key
correlational attack
(based on register state)
procedure:
1. acquire device
2. identify where in computation key is introduced
3. obtain traces for many encryptions of data (know plaintext but not key)
[Figure: DES round diagram. RE i-1 (32 bits), Expansion Permutation (48 bits), Round Key (48 bits), Substitution with 8 S-boxes (32 bits), Permutation with P-Box, outputs LE and RE.]
The DPA Contest trace acquisition board DES co-processor layout. Designed for
ution scheduled at one round per clock cycle. [9]
correlation attack
[Figure: DES round diagram, annotated "plaintext". RE i-1 (32 bits), Expansion Permutation (48 bits), Round Key K (48 bits), Substitution with 8 S-boxes (32 bits; S7 and S8 visible), Permutation with P-Box, outputs LE and RE.]
which contain that sensitive data value. The resulting plot is shown in Figure
verifying HD model
(does HD correlate with power?)
in each power trace for 1000 total power traces (the correlation improves as more traces are
used, 1000 traces is sufficient to produce high correlation values). The results are shown in
Figure 12.
(where does register write occur?)
h = HD(R0,R1)
Figure 12: The correlation between the first round sensitive data and the power traces for each
point j in the power traces.
1000 traces
verifying HD model, contd
ar relationship between the sensitive data and the power co
(is s-box output correlated to power?)
he first DES round. In general, a higher Hamming distance
n the DES encryption process. This verifies the utility of th
his specific DES implementation. Based on this informati
ample correlation between the power consumption and th
500 traces
alculate the correlation between the power trace and the s
sing Pearson's sample correlation coefficient, given by:
$$ r_{sb} = \frac{\sum_{i=1}^{n} (h_i - \bar{h})\,(p_i(t_j) - \bar{p}(t_j))}{(n-1)\, s_h\, s_{p(t_j)}} $$
sed on the information gained from this power profiling, we can conclude that a basic
ntial power analysis attack is possible on the DES system used to create the DPA
st power traces. The next section outlines the details of how to retrieve key bits from
h = HD(R0(9,17,23,31),R1(9,17,23,31))
note: only need to look at points manifested in
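As an added illustration (not code from the slides or the cited paper), the sketch below runs the Hamming-distance model check on constructed traces: it evaluates Pearson's sample correlation between h = HD(R0,R1) and every sample point t_j, then reports the point where the simulated register write shows up. The trace generator, its linear leakage factor, the noise level and the leak position 17 are assumptions made for the example.

```python
import math
import random

def hamming_distance(a, b):
    """Number of bit positions in which two register values differ."""
    return bin(a ^ b).count("1")

def pearson(h, p):
    """Sample correlation: sum((h_i - mean_h)(p_i - mean_p)) / ((n-1) s_h s_p)."""
    n = len(h)
    mh, mp = sum(h) / n, sum(p) / n
    cov = sum((x - mh) * (y - mp) for x, y in zip(h, p))
    sh = math.sqrt(sum((x - mh) ** 2 for x in h) / (n - 1))
    sp = math.sqrt(sum((y - mp) ** 2 for y in p) / (n - 1))
    return cov / ((n - 1) * sh * sp)

def simulate_traces(n, points, leak_point, seed=1):
    """Constructed data: Gaussian noise everywhere, HD(R0, R1) leaking at one sample."""
    rng = random.Random(seed)
    hd, traces = [], []
    for _ in range(n):
        r0, r1 = rng.getrandbits(32), rng.getrandbits(32)  # register before/after
        h = hamming_distance(r0, r1)
        trace = [rng.gauss(0.0, 3.0) for _ in range(points)]
        trace[leak_point] += 0.5 * h  # assumed linear leakage of the register write
        hd.append(h)
        traces.append(trace)
    return hd, traces

def correlation_per_point(hd, traces):
    """r(t_j) for every sample index j (the curve a Figure 12 style plot shows)."""
    return [pearson(hd, [tr[j] for tr in traces]) for j in range(len(traces[0]))]

def locate_register_write(hd, traces):
    """Sample index with the largest |r|, and the correlation value there."""
    r = correlation_per_point(hd, traces)
    j = max(range(len(r)), key=lambda k: abs(r[k]))
    return j, r[j]

if __name__ == "__main__":
    for n in (50, 1000):  # more traces give a cleaner peak
        hd, traces = simulate_traces(n, points=40, leak_point=17)
        j, r = locate_register_write(hd, traces)
        print(f"n={n}: peak at sample {j}, r={r:.3f}")
```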
correlational attack
(based on register state)
procedure:
1. acquire device
2. identify where in computation key is introduced
3. obtain traces for many encryptions of data (know plaintext but not key)
rsb =
(sb)
n
i=1 (hi
correlation attack
(known plaintext; unknown key)
Figure 4: [DES round diagram. LE i-1 and RE i-1 (32 bits each), Expansion Permutation (48 bits), Round Key K (48 bits), Substitution with 8 S-boxes S1 to S8 (32 bits), Permutation with P-Box, outputs LE and RE.] This figure is from Lecture 3 of Lecture Notes on Computer and Network Security by Avi Kak
there will exist a peak in the correlation which corresponds to the correct key. The results
for a single S-box after 500 power traces are seen in Figure 14. This shows the correct key
guess as a spike in the correlation at guess 14 (which tells us the correct subkey for this
S-box is 13).
Figure 14: The correlation between the power information and the sensitive data for each 6-bit
key guess in a single S-box.
The process is repeated for each S-box to create a table of correlation coefficients con-
correlation is the correct key. An example plot for all 8 S-boxes is shown in Figure 15. This
shows the correct 6-bit key values for the first round subkey (56 11 59 38 0 13 25 55) as
peaks in the correlation.
(after finding which points s-box HD is correlated with)
Figure 15: The correlation between the sensitive data and the power information for all 8 S-boxes.