Cryptography Reference
In-Depth Information
DES encryption. The key is said to be unreadable and built into hardware — the
chips are referred to as
tamperproof
. However, heat, microwaves, ionizing
radiation, and similar things can be applied to 'flip' some bits in internal reg-
isters. In contrast to attacks using related keys, this attack uses 'related keys of
rounds'. Plausible probability-theoretical assumptions have it that this allows
an attacker to reveal stored DES keys. To this end, the same plaintext is used
over and over again to encrypt it by means of round's keys disturbed differently
every time.
This method was first used by Boneh, Demillo, and Lipton (Bellcore) against
RSA (Section 4.5.3), but not published. Only an article by Markoff in the
New York Times
of September 26, 1996, documented it. Again, the famed
cryptanalysts Biham and Shamir emerged, claiming that the method can be
transferred to complex block algorithms. They launched an attack against DES,
in which 200 created ciphertexts were sufficient. Most interestingly, it is not
necessary to know the plaintext. There's more to it — even the structure of
unknown
Feistel algorithms could allegedly be recovered in this way!
Biham calls this cryptanalysis
differential fault analysis
(
DFA
). But it is still
very new; I put a rough description of the method in a file on our Web site. I
found the reference on Biham's homepage on the Internet. This topic had been
fiercely discussed; visit
http://cryptome.org
and, searching for 'DFA',
have a look around.
The chip card manufacturers naturally claimed that there was no way of pur-
posefully influencing the key bits. Would you say otherwise in their place?
For one thing, what we learn from this attack are the unusual ideas cryptanalysts
come forth with, and the many different things one has to think of when
developing an algorithm. But if you think this was bad it will get worse.
A Sensational Improvement by Anderson and Kuhn
Anderson and Kuhn (article on the Web site) said the chip card manufacturers
are not totally wrong. In reality, both the keys and the encryption program are
stored in the same EEPROM. A randomly flipped bit normally influences the
program, and what you get after exposure to radiation is just garbage rather
than a slightly modified ciphertext — if anything at all will come out.
The authors thought that one should rather attack the
program code
. Pay-TV
pirates have recently started using similar techniques, including techniques that
interrupt the power supply to the chips for fractions of a microsecond, or,
