[5593] in cryptography@c2.net mail archive
Re: Power analysis of AES candidates
daemon@ATHENA.MIT.EDU (Andreas Bogk)
Tue Sep 14 19:29:32 1999
To: John Gilmore <gnu@toad.com>
Cc: "Cryptography@C2. Net" <cryptography@c2.net>
From: Andreas Bogk <andreas@andreas.org>
Date: 15 Sep 1999 00:04:53 +0000
In-Reply-To: John Gilmore's message of "Tue, 14 Sep 1999 13:35:25 -0700"
John Gilmore <gnu@toad.com> writes:
> What are you guys talking about? Differential power analysis doesn't
> require any physical attack, nor does it deal with voltage
> variations. (You are probably thinking of Shamir's fault-injection
The usual setup for DPA involves a 10 Ohm resistor which sits in the
power supply and measuring the voltage across that resistor. The
countermeasure we're talking about is an on-chip capacitor that
smoothes the power consumption, or a power supply inside an
tamper-resistant package such as the Dallas iButton, which essentially
serves the same purpose.
> algorithms. Paul Kocher's team has developed some countermeasures,
> see the end of the technical discussion linked from:
Making it impossible to measure the power consumption _is_ one of the
countermeasures discussed there.
Andreas
--
"Niemand hat die Absicht, eine Firewall einzurichten"
-- Peter Berlich <peter@berlich.de>, dasr
