Cryptography Reference
In-Depth Information
4 FPCA on DES Implementations
All our experiments were conducted on real power consumption traces recorded
from three different hardware implementations of DES coprocessor. The first ar-
chitecture is the unprotected DES of
DPA Contest
. The second and the third
ones deal with two masking styles: USM and Masked-ROM [18] DES implemen-
tation which are configured in an Altera Stratix II FPGA on the SASEBO-B
evaluation board provided by the RCIS [25]. Moreover, we note that the length of
acquired side channel traces covers only the first two rounds for all investigated
DES implementations.
Following the recent advances concerning the comparison of univariate side-
channel distinguishers [30], Standaert et al. proposed two evaluation metrics [31]
to assess the performance of different attacks. On one hand, the first-order suc-
cess rate expresses the probability that, given a pool of traces, the attack's best
guess is the correct key. On the other hand, the guessing entropy measures the
position of the correct key in a list of key hypotheses ranked by a distinguisher.
In this paper, we deal with DoM, DPA, CPA, and VPA attacks. These attacks
have shown their eciency to break cryptographic implementations. Moreover,
they are the basis of new derived distinguishers like the Spearman's rank correla-
tion [4]; the correlation concept of Kendall is also of potential interest. Recently,
Gierlichs et al. have presented an article dealing with the comparison of many
existing distinguishers related to the aforementioned attacks [9]. For the reason
that we aim at making a reliable evaluation for our attack (FPCA), the rest of
the paper deals with experiments on unprotected and masked implementations
which have been the target of the mentioned attacks.
4.1 FPCA on Unprotected DES
In order to mount a successful FPCA on unprotected DES we fixed the “mean”
as
CS
, as it is shown that such implementation is very vulnerable against dif-
ferential attacks which are generally based on the “mean” in their calculations.
In fact, the leakage related to the mean is linearly correlated to the power con-
sumption model
HD
=
{
0
,
1
,
2
,
3
,
4
}
. For this purpose, the weight vector
W
can be defined as follows:
W
=
. One other alternative is to
consider the probability that one trace belongs to one partition according to
one power consumption model. Hence
W
=
{−
2
,
−
1
,
0
,
+1
,
+2
}
.Results
regarding attacks on unprotected DES implementation are depicted in Fig. 3
and Fig. 4. Indeed, the first-order success rate shows a superior performance of
FPCA attack. This can be explained by the fact that DoM, CPA, and DPA are
implicitly taking into account only the position factor relatively to our proposed
attack. According to Fig. 4, FPCA needs around 160 traces to perform a suc-
cessful attack. Unsurprisingly, the guessing entropy metric depicted in Fig. 3 is
in accordance with the first success rate results. One note is that FPCA is able
to distinguish the
secret key
at an early stage. In fact, only 30 traces are required
to get the
secret key
in the top ten of the key hypotheses rank list.
{−
0
.
25
,
−
1
,
0
,
+1
,
+0
.
25
}
Search WWH ::
Custom Search