Abstract
This paper presents an improved simple power attack against the key schedule of Camellia. While the original attack required an exact determination of the Hamming weight of intermediate data values based on power measurements, in this paper, two types of the simple power attack are presented and shown to be tolerant of errors that might occur in the Hamming weight determinations. In practical applications of the attack, such errors are likely to occur due to noise and distortion in the power measurements and their mapping to the Hamming weights of the data. To resist these attacks, the required design rationale of key schedules and several practical countermeasures are suggested.
Additional information
This article was retracted due to copyright violation.
Foundation item: Supported by the National Natural Science Foundation of China (60673072) and the Natural Basic Research Program of China (2007CB311201)
An erratum to this article can be found at http://dx.doi.org/10.1007/s11859-009-0616-8
Cite this article
Liu, S., Ni, H., Hu, Y. et al. An improved simple power attack against Camellia’s key schedule. Wuhan Univ. J. Nat. Sci. 13, 591–594 (2008). https://doi.org/10.1007/s11859-008-0516-3
DOI: https://doi.org/10.1007/s11859-008-0516-3