Research on Power Analysis Attacks and the Design of Power-Analysis-Resistant Cryptographic Chips
Abstract
The cryptographic module is a key component of an information security system, and its security level directly determines the security of the whole system. For most of the time before the 21st century, attacks on cryptographic modules concentrated on mathematical analysis, chiefly the traditional cryptanalytic methods represented by linear and differential cryptanalysis, which exploit the statistical properties of the cipher and analyse chosen plaintext/ciphertext pairs to obtain the key. Such attacks generally require collecting and processing enormous amounts of data and are not always feasible in practice. Researchers therefore turned to a different approach: attacking the cryptographic chip as it actually operates. A working chip always emits physical information, such as its current, voltage and electromagnetic emissions and the timing associated with them; analysing this leaked physical information to attack the chip is known as a side-channel attack (SCA).
     Since the beginning of the 21st century, power analysis has become the principal side-channel attack against implemented cryptographic chips. It comes in three main forms: simple power analysis, differential power analysis and correlation power analysis. Simple power analysis (SPA) exploits the relationship between the key bits used during a cryptographic operation and the chip's actual power consumption to read key information directly from the measured power trace. Differential power analysis (DPA) obtains key information by statistically analysing a large number of plaintexts or ciphertexts together with their power traces. Correlation power analysis (CPA) first sets up a prediction model, runs the cryptographic operation in that model to obtain predicted power consumption, then runs the real chip and correlates the measured power consumption with the prediction to infer the key the chip is actually using.
     The emergence of power analysis has created serious security problems for cryptographic chips, and many publications report successful power analysis attacks on real chips. This thesis studies power analysis of several major cryptographic algorithms, with two aims: first, to analyse the algorithms and identify why their implementations are vulnerable to power analysis; second, to add the corresponding countermeasures at chip design time so that the chip's resistance to power analysis attacks is strengthened. The main contributions and innovations are as follows:
     Design and implementation of a power analysis platform: to resist power analysis, the countermeasures must be considered while the cryptographic algorithm is being implemented, so a platform is needed that can evaluate a chip's resistance to power analysis before tape-out. This thesis therefore combines a PC application with FPGA hardware to build a power analysis evaluation platform.
     Built on a high-performance FPGA, the platform can run power analysis experiments on an individual cryptographic algorithm module and can also evaluate the power-analysis resistance of a complete chip design. It thus provides both a practical platform for research on power analysis of cryptographic algorithms and an evaluation platform for the power-analysis resistance of cryptographic chips.
     Power analysis of RSA and design of a power-analysis-resistant USB Key chip: RSA, the public-key algorithm commonly used in USB Keys, is vulnerable to power analysis. This thesis first studies the RSA algorithm and shows that the RSA module is vulnerable because of the way its modular exponentiation is implemented. Modular exponentiation is normally implemented with the square-and-multiply algorithm, which makes the power consumed during an RSA operation closely dependent on every bit of the key used as exponent; an attacker who collects the power leaked during operation can analyse it and recover the key, a serious threat to security. To resist SPA and DPA, the thesis proposes a defensive algorithm that adds random dummy operands to the modular exponentiation and applies a randomly mixed modular exponentiation. An RSA module using this algorithm was implemented on an FPGA and passed simulation. The complete USB Key design was then implemented on the FPGA, a power analysis test hardware platform was built around it, and power analysis experiments were run on that platform. DPA attacks on the left-to-right (LR) modular exponentiation and on a fixed mixed modular exponentiation confirmed that these implementations are indeed vulnerable to DPA. Finally, a DPA attack on the proposed defence (random dummy operands plus random mixed modular exponentiation) showed that it effectively resists the MESD attack.
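The bit-by-bit dependence described above, as an added example that is not part of the thesis: a left-to-right square-and-multiply exponentiation that records its sequence of squarings (S) and multiplications (M), beside a square-and-multiply-always variant that performs a dummy multiplication on every zero bit. The thesis's own defence (random dummy operands plus randomly mixed exponentiation) is not specified on this page; square-and-multiply-always is used here as the textbook form of the dummy-operation idea. The RSA parameters are textbook toy values, and `square_multiply_lr`, `square_multiply_always`, `exponent_from_trace` and `demo` are this example's own names.

```python
"""Operation-sequence leakage of square-and-multiply modular exponentiation and a
dummy-operation variant.  Added illustration with textbook toy RSA values; it is
not the thesis's own defensive algorithm."""


def square_multiply_lr(base, exp, mod, trace):
    """Left-to-right binary exponentiation as commonly implemented.

    Appends 'S' for every squaring and 'M' for every multiplication to `trace`.
    Because the multiplication only happens for exponent bits equal to 1, the
    S/M sequence mirrors the exponent bit by bit."""
    result = 1
    for bit in bin(exp)[2:]:                 # most significant bit first
        result = result * result % mod
        trace.append("S")
        if bit == "1":
            result = result * base % mod
            trace.append("M")
    return result


def square_multiply_always(base, exp, mod, trace):
    """Square-and-multiply-always: a dummy multiplication on every 0 bit.

    The operation sequence is now S M S M ... for every exponent of the same
    bit length, so the sequence itself no longer carries key information."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        candidate = result * base % mod      # computed on every bit, real or dummy
        trace.append("M")
        if bit == "1":                       # must be a constant-time select in hardware
            result = candidate
    return result


def exponent_from_trace(trace):
    """Read the exponent back out of a plain square-and-multiply trace.

    An 'S' followed by 'M' is a 1 bit; an 'S' followed by another 'S' (or by the
    end of the trace) is a 0 bit.  Used here as the evaluation check that shows
    the operation sequence is key-dependent."""
    bits, i = [], 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("malformed trace")
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def demo(base=2790, exp=2753, mod=3233, other_exp=2049):
    """Textbook toy RSA: n = 3233, d = 2753 (constructed teaching values, not a real key)."""
    plain_trace, hard_trace, hard_trace_other = [], [], []
    r_plain = square_multiply_lr(base, exp, mod, plain_trace)
    r_hard = square_multiply_always(base, exp, mod, hard_trace)
    square_multiply_always(base, other_exp, mod, hard_trace_other)  # same bit length
    return {
        "results_match_pow": r_plain == r_hard == pow(base, exp, mod),
        "plain_trace": "".join(plain_trace),
        "exponent_read_from_plain_trace": exponent_from_trace(plain_trace),
        "hardened_trace_same_for_other_exponent": hard_trace == hard_trace_other,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The S/M sequence of the plain version encodes the exponent directly, which is the SPA leakage the thesis points to; the always-multiply version produces the same sequence for every exponent of the same length, so an SPA evaluation of the operation pattern finds nothing. It is not a complete answer: the data-dependent power of the multiplier still leaks to DPA, the dummy product must actually be consumed (otherwise a synthesiser may remove it), and the select between the real and dummy product must itself be constant-time.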
     Power analysis of AES and design of a power-analysis-resistant high-speed cryptographic coprocessor: to design an AES module resistant to power analysis, the thesis first studies the principles and flow of AES, the reasons for its vulnerability to power analysis, and the corresponding attack algorithms, and then proposes a masking countermeasure. A power-analysis-resistant AES module was designed; to balance security against implementability, a small number of fixed masks is used, with one selected at random for each operation, to approximate random masking. To raise throughput, the AES module uses a four-stage pipeline and completes one encryption or decryption every three clock cycles. Inside the high-speed cryptographic coprocessor, a parallel scheduling mechanism maximises the AES module's performance. Power analysis experiments on the coprocessor show that the design without masking cannot avoid DPA, while the masked design effectively resists it.
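The CPA procedure defined earlier (predict the leakage of a key-dependent intermediate, correlate it with the measured traces, keep the best-correlated key guess) and the fixed-mask countermeasure described above, as one added example that is not the thesis's code: a simulated first-order CPA on a single S-box output byte, run once against an unprotected implementation and once against a Boolean-masked one that draws its input and output masks at random from a fixed set of four. Everything in it is constructed: the S-box is a seeded random 8-bit permutation standing in for the real AES S-box, the leakage model is Hamming weight plus Gaussian noise, the mask set is an assumption of this example, and `cpa`, `masked_sbox_table`, `mask_set_is_balanced` and `run_experiment` are its own names.

```python
"""Simulated first-order CPA on one S-box output byte, unmasked vs. Boolean-masked.
Added illustration: the S-box, leakage model, noise and mask set are all
constructed here and are not the thesis's design."""
import random

# Constructed 8-bit bijection standing in for an S-box (NOT the AES S-box).
_SBOX_RNG = random.Random(2024)
SBOX = list(range(256))
_SBOX_RNG.shuffle(SBOX)

HW = [bin(v).count("1") for v in range(256)]      # Hamming-weight lookup
NOISE_SIGMA = 1.0                                  # constructed measurement noise

# Fixed mask set, assumed for this example: every bit is set in exactly two of
# the four masks, so the expected Hamming weight of (value ^ mask) is constant.
MASKS = (0x0F, 0xF0, 0x55, 0xAA)


def mask_set_is_balanced(masks):
    """True if every bit position is 1 in exactly half of the masks."""
    half = len(masks) / 2
    return all(sum((m >> i) & 1 for m in masks) == half for i in range(8))


def masked_sbox_table(m_in, m_out):
    """Table T with T[x ^ m_in] == SBOX[x] ^ m_out for every x (Boolean masking)."""
    return [SBOX[y ^ m_in] ^ m_out for y in range(256)]


# One precomputed masked table per (m_in, m_out) pair, as a hardware design would hold.
MASKED_TABLES = {(a, b): masked_sbox_table(a, b) for a in MASKS for b in MASKS}


def leak_unmasked(pt, key, rng):
    """Leakage sample of the unprotected S-box output: HW(SBOX[pt ^ key]) + noise."""
    return HW[SBOX[pt ^ key]] + rng.gauss(0.0, NOISE_SIGMA)


def leak_masked(pt, key, rng):
    """Leakage of the masked S-box output SBOX[pt ^ key] ^ m_out, masks drawn per trace."""
    m_in, m_out = rng.choice(MASKS), rng.choice(MASKS)
    masked_in = pt ^ key ^ m_in                    # the device only ever handles this value
    return HW[MASKED_TABLES[(m_in, m_out)][masked_in]] + rng.gauss(0.0, NOISE_SIGMA)


def cpa(pts, traces):
    """Correlation power analysis over all 256 key-byte guesses.

    Returns (best_guess, scores) where scores[k] is |Pearson r| between the
    prediction HW(SBOX[pt ^ k]) and the measured samples."""
    n = len(traces)
    my = sum(traces) / n
    yc = [y - my for y in traces]
    syy = sum(y * y for y in yc)
    scores = []
    for k in range(256):
        hyp = [HW[SBOX[p ^ k]] for p in pts]
        mx = sum(hyp) / n
        xc = [x - mx for x in hyp]
        sxx = sum(x * x for x in xc)
        sxy = sum(x * y for x, y in zip(xc, yc))
        scores.append(abs(sxy) / (sxx * syy) ** 0.5 if sxx and syy else 0.0)
    best = max(range(256), key=scores.__getitem__)
    return best, scores


def run_experiment(n_traces=1500, key=0x3C, seed=7):
    """Attack the unmasked and the masked implementation with the same plaintexts."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n_traces)]
    plain = [leak_unmasked(p, key, rng) for p in pts]
    masked = [leak_masked(p, key, rng) for p in pts]
    best_plain, sc_plain = cpa(pts, plain)
    _, sc_masked = cpa(pts, masked)
    return {
        "key": key,
        "unmasked_best_guess": best_plain,
        "unmasked_corr_true_key": sc_plain[key],
        "unmasked_corr_best_wrong": max(s for k, s in enumerate(sc_plain) if k != key),
        "masked_corr_max": max(sc_masked),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value}")
```

Against the unmasked implementation the correct key byte correlates far above every wrong guess; against the masked one every guess sits at noise level, because the four masks are chosen so that each bit is set in exactly half of them, which makes the expected Hamming weight of the masked value independent of the data. That balance is the condition a small fixed mask set must satisfy to remove first-order leakage, and `mask_set_is_balanced` is the check to run on any candidate set. The simulation measures nothing beyond first order: it says nothing about a second-order analysis that combines two leakage points, or about a leak of which mask was selected, both of which are outside what first-order CPA can see.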