Side-Channel Attack on Substitution Blocks

  • Roman Novak
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2846)


We describe a side-channel attack on a substitution block, which is usually implemented as a table lookup operation. In particular, we have investigated smartcard implementations. The attack is based on the identifying equal intermediate results from power measurements while the actual values of these intermediates remain unknown. A powerful attack on substitution blocks can be mounted if the same table is used in multiple iterations and if cross-iteration comparisons are possible. Adversaries can use the method as a part of reverse engineering tools on secret algorithms. In addition to the described method, other methods have to be employed to completely restore the algorithm and its accompanying secret key. We have successfully used the method in a demonstration attack on a secret authentication and session-key generation algorithm implemented on SIM cards in GSM networks. The findings provide guidance for designing smartcard solutions that are secure against this kind of attack.


Smart Card Relevant Measurement Cryptographic Algorithm Power Trace Template Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Kocher, P.: Timing Attacks on Implementation of Diffie-Hellman, RSA, DSS and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-Channel(s): Attacks and Assessment Methodologies. In: Cryptographic Hardware and Embedded Systems – CHES 2002 (2002)Google Scholar
  4. 4.
    Goubin, L., Patarin, J.: DES and Differential Power Analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Rao, J.R., Rohatgi, P., Scherzer, H., Tinguely, S.: Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards. In: Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, California, May 12-15, 2002, pp. 31–44. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  6. 6.
    Fahn, P.N., Pearson, P.K.: IPA: A New Class of Power Attacks. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 173–186. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Kömmerling, O., Kuhn, M.G.: Design Principles for Tamper-Resistant Smartcard Processors. In: Proceedings of the USENIX Workshop on Smartcard Technology – Smartcard, Chicago, Illinois, May 10-11, USENIX Association, pp. 9–20 (1999)Google Scholar
  8. 8.
    Clavier, C., Coron, J.S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Tanenbaum, A.S.: Computer Networks. Prentice Hall PTR, Englewood Cliffs (2002)Google Scholar
  10. 10.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Countermeasures to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  11. 11.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)CrossRefMathSciNetGoogle Scholar
  13. 13.
    Anderson, R., Kuhn, M.: Low Cost Attacks on Tamper Resistant Devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Roman Novak
    • 1
  1. 1.Jozef Stefan InstituteLjubljanaSlovenia

Personalised recommendations