Probing Attacks On Tamper-Resistant Devices

  • Helena Handschuh
  • Pascal Paillier
  • Jacques Stern
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1717)


This paper describes a new type of attack on tamper-resistant cryptographic hardware. We show that by locally observing the value of a few RAM or adress bus bits (possibly a single one) during the execution of a cryptographic algorithm, typically by the mean of a probe (needle), an attacker could easily recover information on the secret key being used; our attacks apply to public-key cryptosystems such as RSA or El Gamal, as well as to secret-key encryption schemes including DES and RC5.


Block Cipher Cryptographic Algorithm Round Function Modular Exponentiation Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    R. Anderson, M. Kuhn. Low Cost Attacks on Tamper-Resistant Devices. In Security Protocol Workshop’97, LNCS 1361, pp. 125–136. Springer-Verlag. 1997.CrossRefGoogle Scholar
  2. 2.
    E. Biham, A. Shamir. Differential Fault Analysis of Secret Key Cryptosystems. In Advances in Cryptology-Crypto’97, LNCS 1294, pages 513–525. Springer-Verlag, 1997.CrossRefGoogle Scholar
  3. 3.
    D. Boneh, R. DeMillo and R. Lipton. On the Importance of Checking Cryptographic Protocols for Faults. n Advances in Cryptology-Eurocrypt’97, LNCS 1233, pages 37–51. Springer-Verlag, 1997.Google Scholar
  4. 4.
    FIPS PUB 186, February 1, 1993, Digital Signature Standard.Google Scholar
  5. 5.
    T. El Gamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In IEEE Transactions on Information Theory, Volume IT-31, no. 4, pages 469–472, July 1985.MathSciNetGoogle Scholar
  6. 6.
    H. Feistel. Cryptography and computer privacy. In Scientific american, 1973.Google Scholar
  7. 7.
    H. Handschuh and H. Heys. A Timing Attack on RC5. In SAC9’8-Workshop on Selected Areas in Cryptography, LNCS 1556, pages 306–320. Springer-Verlag, 1999.zbMATHGoogle Scholar
  8. 8.
    B. S. Kaliski and Y. L. Yin. On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm. In Advances in Cryptology-Crypto’95, LNCS 963, pages 171–184. Springer-Verlag, 1995.Google Scholar
  9. 9.
    L. R. Knudsen and W. Meier. Improved Differential Attacks on RC5. In Advances in Cryptology-Crypto’96, LNCS. Springer-Verlag, 1996.Google Scholar
  10. 10.
    Paul C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Advances in Cryptology-Crypto’96, LNCS. Springer-Verlag, 1996. Available from <>.Google Scholar
  11. 12.
    .Matsui. Linear cryptanalysis method for DES Cipher. In Advances in Cryptology-EUROCRYPT’93, LNCS 765. Springer-Verlag, 1994.Google Scholar
  12. 13.
    U.S. National Bureau of Standards. Data Encryption Standard, Federal Information Processing Standard Publication 46–2, 1977.Google Scholar
  13. 14.
    P. Paillier. Evaluating Differential Fault Analysis of Unknown Cryptosystems. In Public Key Cryptography-PKC’99, LNCS 1560. Springer-Verlag, 1999.Google Scholar
  14. 15.
    R. L. Rivest. The RC5 Encryption Algorithm. In Fast Software Encryption-Second International Workshop, Leuven, Belgium, LNCS 1008, pages 86–96, Springer-Verlag, 1995.zbMATHGoogle Scholar
  15. 16.
    R. L. Rivest, A. Shamir, L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystem. In Communications of the ACM, vol. 21, 1978.Google Scholar
  16. 17.
    B. Schneier et al. Side-Channel Attacks. To appear In Cardis’98-LNCS. Springer-Verlag, 1998.Google Scholar
  17. 18.
    A. A. Selçuk. New results in linear cryptanalysis of RC5. In Fast Software Encryption 5-LNCS 1372. pages 1–16, Springer-Verlag, 1998. Springer-Verlag, 1998.Google Scholar
  18. 19.
    J. Kilian, P. Rogaway, “How to protect DES against exhaustive key search, CRYPTO’96, LNCS 1109, Springer-Verlag, 1996, pp. 252–267.Google Scholar
  19. 20.
    E. Biham & A. Shamir, The next stage of differential fault analysis: How to break completely unknown cryptosystems, Preprint, 1996.Google Scholar
  20. 21.
    R. Anderson, Robustness principles for public-key protocols, LNCS, Advances in Cryptology, Proceedings of Crypto’95, Springer-Verlag, pp. 236–247, 1995.Google Scholar
  21. 22.
    R. Anderson & S. Vaudenay, Minding your p’s and q’s, LNCS, Advances in Cryptology,Proceedings of Asiacrypt’96, Springer-Verlag, pp. 26–35, 1996.zbMATHGoogle Scholar
  22. 23.
    C. Schnorr, Efficient Identification and Signatures for Smart-Cards, Advances in Cryptology: Eurocrypt’89 (G. Brassard ed.), LNCS 435, Springer-Verlag, pp. 239–252, 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Helena Handschuh
    • 1
  • Pascal Paillier
    • 1
  • Jacques Stern
    • 2
  1. 1.Gemplus/ENSTFrance
  2. 2.Ecole Normale SupérieureFrance

Personalised recommendations