Power analysis has been a powerful and thoroughly studied threat for implementations of block ciphers and public key algorithms but not yet for stream ciphers. Based on the consumed power differences between two neigh...Power analysis has been a powerful and thoroughly studied threat for implementations of block ciphers and public key algorithms but not yet for stream ciphers. Based on the consumed power differences between two neighboring clock cycles, this paper presents a correlation power analysis (CPA) attack on the synchronous stream cipher DECIM^v2 (the tweaked version of the original submission DECIM). This attack resynchronizes the cryptographic device ceaselessly with many different initialization values (IVs) to obtain enough power traces. Then by modeling the statistical properties of the differential power traces with the correlation coefficients, the proposed attack algorithm can completely reveal the secret key of DECIM^v2. Furthermore, a simulation attack is mounted to confirm the validity of the algorithm. The results show that the entire secret key of DECIM^v2 can be restored within several minutes by performing 12 CPA attacks. It seems that there are still some defects in the design of DECIM^v2 and thus some further improvements should be made to resist the proposed attack.展开更多
基金supported by the National Basic Research Program of China (2007CB311201)the National Natural Science Foundation of China (60833008, 60803149)
文摘Power analysis has been a powerful and thoroughly studied threat for implementations of block ciphers and public key algorithms but not yet for stream ciphers. Based on the consumed power differences between two neighboring clock cycles, this paper presents a correlation power analysis (CPA) attack on the synchronous stream cipher DECIM^v2 (the tweaked version of the original submission DECIM). This attack resynchronizes the cryptographic device ceaselessly with many different initialization values (IVs) to obtain enough power traces. Then by modeling the statistical properties of the differential power traces with the correlation coefficients, the proposed attack algorithm can completely reveal the secret key of DECIM^v2. Furthermore, a simulation attack is mounted to confirm the validity of the algorithm. The results show that the entire secret key of DECIM^v2 can be restored within several minutes by performing 12 CPA attacks. It seems that there are still some defects in the design of DECIM^v2 and thus some further improvements should be made to resist the proposed attack.
