Paper 2017/057

Single--Trace Template Attack on the DES Round Keys of a Recent Smart Card

Mathias Wagner and Stefan Heyse

Abstract

A new template attack on the DES key scheduling is demonstrated that allows recovery of a sufficiently large portion of the DES key of a recent and widely deployed smart card chip with a {\it single} EM (electromagnetic) trace during the Exploitation Phase. Depending on the use case, the remainder of the key may then be found with reasonable brute--force effort on a PC. Remaining rest entropies as low as $\approx 19$ bits have been found for some single--trace attacks, meaning that effectively 37 bits were recovered in a single trace. The nature of single--trace attacks has it that conventional software countermeasures are rendered useless by this attack, and thus the only remaining remedy is a hardware redesign.

Note: minor typos got corrected and a reference added.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
DESTDESTemplate AttackSide-channel AttackSmart CardSCAblock cipher
Contact author(s)
mathias wagner @ nxp com
History
2017-01-31: received
Short URL
https://ia.cr/2017/057
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/057,
      author = {Mathias Wagner and Stefan Heyse},
      title = {Single--Trace Template Attack on the DES Round Keys of a Recent Smart Card},
      howpublished = {Cryptology ePrint Archive, Paper 2017/057},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/057}},
      url = {https://eprint.iacr.org/2017/057}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.