Paper 2017/1257

A first-order chosen-plaintext DPA attack on the third round of DES

Oscar Reparaz and Benedikt Gierlichs

Abstract

DPA attacks usually exhibit a "divide-and-conquer" property: the adversary needs to enumerate only a small space of the key (a key sub-space) when performing the DPA attack. This is achieved trivially in the outer rounds of a cryptographic implementation since intermediates depend on only few key bits. In the inner rounds, however, intermediates depend on too many key bits to make DPA practical or even to pose an advantage over cryptanalysis. For this reason, DPA countermeasures may be deployed only to outer rounds if performance or efficiency are critical. This paper shows a DPA attack exploiting leakage from the third round of a Feistel cipher, such as DES. We require the ability of fixing inputs, but we do not place any special restriction on the leakage model. The complexity of the attack is that of two to three DPA attacks on the first round of DES plus some minimal differential cryptanalysis.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. MINOR revision.CARDIS 2017
Keywords
side-channel attackDPAcountermeasureDES
Contact author(s)
oscar reparaz @ esat kuleuven be
History
2017-12-30: received
Short URL
https://ia.cr/2017/1257
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1257,
      author = {Oscar Reparaz and Benedikt Gierlichs},
      title = {A first-order chosen-plaintext DPA attack on the third round of DES},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1257},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1257}},
      url = {https://eprint.iacr.org/2017/1257}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.