Cryptology ePrint Archive: Report 2017/057

Single--Trace Template Attack on the DES Round Keys of a Recent Smart Card

Mathias Wagner and Stefan Heyse

Abstract: A new template attack on the DES key scheduling is demonstrated that allows recovery of a sufficiently large portion of the DES key of a recent and widely deployed smart card chip with a {\it single} EM (electromagnetic) trace during the Exploitation Phase. Depending on the use case, the remainder of the key may then be found with reasonable brute--force effort on a PC. Remaining rest entropies as low as $\approx 19$ bits have been found for some single--trace attacks, meaning that effectively 37 bits were recovered in a single trace. The nature of single--trace attacks has it that conventional software countermeasures are rendered useless by this attack, and thus the only remaining remedy is a hardware redesign.

Category / Keywords: implementation / DES, TDES, Template Attack, Side-channel Attack, Smart Card, SCA, block cipher

Date: received 26 Jan 2017, last revised 30 Jan 2017

Contact author: mathias wagner at nxp com

Available format(s): PDF | BibTeX Citation

Note: minor typos got corrected and a reference added.

Version: 20170131:151322 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]