Journal of Cryptographic Engineering, Volume 1, Issue 1, pp 5–27

Introduction to differential power analysis

  • Paul Kocher
  • Joshua Jaffe
  • Benjamin Jun
  • Pankaj Rohatgi
Open Access
Regular Paper

Abstract

The power consumed by a circuit varies according to the activity of its individual transistors and other components. As a result, measurements of the power used by actual computers or microchips contain information about the operations being performed and the data being processed. Cryptographic designs have traditionally assumed that secrets are manipulated in environments that expose no information beyond the specified inputs and outputs. This paper examines how information leaked through power consumption and other side channels can be analyzed to extract secret keys from a wide range of devices. The attacks are practical, non-invasive, and highly effective—even against complex and noisy systems where cryptographic computations account for only a small fraction of the overall power consumption. We also introduce approaches for preventing DPA attacks and for building cryptosystems that remain secure even when implemented in hardware that leaks.
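The following is example code added for this page, not code from the paper or its authors. It illustrates the abstract's central claim in the smallest setting that still behaves realistically: a simulated AES S-box lookup leaks the Hamming weight of its output (an assumed leakage model) plus Gaussian noise, a difference-of-means DPA over all 256 key-byte guesses recovers the constructed key 0x5A, and the same first-order analysis against a Boolean-masked variant, the kind of countermeasure the paper goes on to discuss, returns only a noise-level peak.

```python
import random

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def build_sbox():
    """Derive the AES S-box: GF(2^8) inverse followed by the affine map."""
    inv = [0] * 256
    for x in range(1, 256):
        inv[x] = next(y for y in range(1, 256) if gf_mul(x, y) == 1)
    sbox = []
    for v in inv:
        s = v
        for k in range(1, 5):
            s ^= ((v << k) | (v >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
HW = [bin(i).count("1") for i in range(256)]

def simulate(key, n, masked, sigma=1.0, seed=1):
    """Constructed traces under an assumed Hamming-weight leakage model plus
    Gaussian noise.  Unmasked: one sample, HW(S(p^k)).  Masked: two samples,
    HW(m) and HW(S(p^k)^m) for a fresh random m, so no single sample depends
    on the key.  Returns (plaintexts, traces)."""
    rng = random.Random(seed)
    pts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        s = SBOX[p ^ key]
        if masked:
            m = rng.randrange(256)
            vals = [HW[m], HW[s ^ m]]
        else:
            vals = [HW[s]]
        pts.append(p)
        traces.append([v + rng.gauss(0, sigma) for v in vals])
    return pts, traces

def dpa(pts, traces, bit=0):
    """Difference-of-means DPA on one S-box output bit: for each key guess,
    partition the traces by the predicted bit and subtract the group means;
    the right guess shows a peak, wrong guesses average out.  Returns the
    guess with the tallest peak and that peak's height."""
    best, peak = None, -1.0
    for g in range(256):
        sums = [[0.0, 0.0] for _ in traces[0]]
        cnt = [0, 0]
        for p, t in zip(pts, traces):
            b = (SBOX[p ^ g] >> bit) & 1
            cnt[b] += 1
            for i, v in enumerate(t):
                sums[i][b] += v
        if min(cnt) == 0:
            continue
        height = max(abs(s[1] / cnt[1] - s[0] / cnt[0]) for s in sums)
        if height > peak:
            best, peak = g, height
    return best, peak
```

With 3000 traces, `dpa(*simulate(0x5A, 3000, masked=False))` returns 0x5A with a peak near 1.0 (the mean Hamming-weight gap between bytes whose low bit is set and those whose low bit is clear), while the masked traces give a peak at the noise floor and an unreliable guess.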

Keywords

Differential power analysis, DPA, SPA, Side-channel attacks, Tamper resistance, Cryptanalysis


Copyright information

© The Author(s) 2011

Authors and Affiliations

  • Paul Kocher, Joshua Jaffe, Benjamin Jun, Pankaj Rohatgi (1)
  1. Cryptography Research, Inc., San Francisco, USA