[5594] in cryptography@c2.net mail archive

Re: Power analysis of AES candidates

daemon@ATHENA.MIT.EDU (Eugene Leitl)
Tue Sep 14 19:29:54 1999

From: Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
Date: Tue, 14 Sep 1999 14:58:45 -0700 (PDT)
To: John Gilmore <gnu@toad.com>
Cc: "Cryptography@C2. Net" <cryptography@c2.net>
In-Reply-To: <199909142035.NAA09379@toad.com>

John Gilmore writes:

 > What are you guys talking about?  Differential power analysis doesn't
 > require any physical attack, nor does it deal with voltage
 > variations.  (You are probably thinking of Shamir's fault-injection

You can't do differential power analysis if you supply power
photonically to an encapsulated unit. Power dissipated gets averaged
out over time so you can't just monitor the temperature.

 > attacks.)  Differential power analysis measures the current
 > consumption of the part as it operates, completely outside the device.

1) A self-contained, sealed unit is immune to this.
2) What prevents us from measuring the power & filling out lacunae à la
resistance heating? The unit would then show constant dissipation
regardless of which computation it performs.

 > It uses statistical techniques to confirm or reject hypotheses about
 > the key values being operated on in the final rounds of encryption
 > algorithms.  Paul Kocher's team has developed some countermeasures,
 > see the end of the technical discussion linked from:
 > 
 >   http://www.cryptography.com/dpa/index.html
 > 
 > 	John
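
Added example (not part of the original message or thread): a small simulation of the constant-dissipation idea in point 2, measuring how strongly an externally observed power sample correlates with the data being processed. The Hamming-weight leakage model, the Gaussian noise, the filler `gain` parameter and all names are assumptions made for illustration.

```python
import random
from statistics import mean, pstdev

BUDGET = 8.0  # constant total draw the filler load aims for (arbitrary units)

def hamming_weight(x):
    return bin(x).count("1")

def trace(values, compensate, gain=1.0, noise=0.2, seed=1):
    """One simulated external power sample per processed byte.

    compensate: a resistive filler load tops the draw up towards BUDGET.
    gain: filler calibration; 1.0 is ideal, 0.9 under-fills by 10%.
    """
    rng = random.Random(seed)
    samples = []
    for v in values:
        core = float(hamming_weight(v))  # assumed data-dependent draw
        filler = gain * (BUDGET - core) if compensate else 0.0
        samples.append(core + filler + rng.gauss(0.0, noise))
    return samples

def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    cov = mean((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx, sy = pstdev(xs), pstdev(ys)
    return cov / (sx * sy) if sx and sy else 0.0

def leakage(compensate, gain=1.0, n=5000):
    """|correlation| between the data's Hamming weight and measured power."""
    rng = random.Random(0)
    values = [rng.randrange(256) for _ in range(n)]  # constructed inputs
    hw = [hamming_weight(v) for v in values]
    return abs(pearson(hw, trace(values, compensate, gain)))

if __name__ == "__main__":
    print("unprotected        :", round(leakage(False), 3))
    print("ideal filler       :", round(leakage(True), 3))
    print("filler 10% too low :", round(leakage(True, gain=0.9), 3))
```

Under these assumptions the unprotected correlation is close to 1 and the ideally compensated one close to 0, while a filler that under-fills by 10% still leaves a clearly measurable correlation.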

