[HGI-News] HGI Seminar on Monday, 03.05.2004

hgi-news at lists.ruhr-uni-bochum.de
Thu Apr 29 11:04:31 CEST 2004



========================================================================

Kai Schramm
COSY Group, Ruhr-Universität Bochum

"Internal Collisions in AES"

Monday, 03.05.2004, 13:00 c.t., IC 4/39

Abstract

Recently, a new class of collision attacks, originally suggested by Hans
Dobbertin, has been introduced. These attacks use side channel analysis to
detect internal collisions and are generally not restricted to a particular
cryptographic algorithm. As an example, a collision attack against DES was
proposed which combines internal collisions with side channel information
leakage. It had not been obvious, however, how this attack applies to
non-Feistel ciphers with bijective S-boxes such as the Advanced Encryption
Standard (AES).

This contribution takes the same basic ideas and develops new optimized
attacks against AES. Our major finding is that the new combined analytical
and side channel approach reduces the attack effort compared to all other
known side channel attacks. We develop several versions and refinements of
the attack. First we show that key dependent collisions can be caused in the
output bytes of the mix column transformation in the first round. By taking
advantage of the birthday paradox, it is possible to cause a collision in an
output with as little as 20 measurements. Each collision will reveal at
least 8 bits of the secret key. Furthermore, in an optimized attack, it is
possible to cause collisions in all four output bytes of the mix column
transformation with an average of only 31 measurements, which results in
knowledge of all 32 key bits. Finally, if collisions are caused in all four
columns of the AES in parallel, it is possible to determine the entire
128-bit key with only 40 measurements, which is a distinct improvement
compared to DPA and other side channel attacks.
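The key-dependent collision in a first-round MixColumns output byte that the abstract describes, as an added example in Python that is not part of the announcement or of the talk: it models round 1 of AES on one column, treats equality of the output byte as the collision event (on a real device this equality would be what the side channel reveals), and shows that one observed collision between two chosen inputs leaves only a few hundred of the 65536 possible (k0, k5) pairs, i.e. about 8 key bits per collision, while the birthday bound sqrt(pi*256/2) of roughly 20 matches the number of measurements quoted above. The key bytes and plaintext inputs are constructed for the demonstration.

```python
# Added example (not from the announcement or the talk): why a collision in a byte of
# the first-round MixColumns output of AES depends on the key. Equality of the byte
# stands in for the side channel observation that would reveal it on a real device.
def _xtime(a):                       # multiply by x in GF(2^8) modulo the AES polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _build_sbox():                   # FIPS-197 S-box: multiplicative inverse, then affine map
    exp, p = [0] * 255, 1
    for i in range(255):             # exp[i] = 3^i; 0x03 generates the multiplicative group
        exp[i], p = p, p ^ _xtime(p)
    log = {v: i for i, v in enumerate(exp)}
    sbox = [0x63]                    # S(0): the inverse of 0 is defined as 0
    for x in range(1, 256):
        inv = s = exp[(255 - log[x]) % 255]
        for _ in range(4):           # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def mixcol_out_byte0(p0, p5, p10, p15, k0, k5, k10, k15):
    """Byte 0 of column 0 after round-1 AddRoundKey, SubBytes, ShiftRows, MixColumns;
    ShiftRows routes plaintext bytes 0, 5, 10 and 15 into column 0."""
    s = [SBOX[p ^ k] for p, k in ((p0, k0), (p5, k5), (p10, k10), (p15, k15))]
    return _xtime(s[0]) ^ _xtime(s[1]) ^ s[1] ^ s[2] ^ s[3]   # 2*s0 ^ 3*s1 ^ s2 ^ s3

def collides(d, e, key):
    """Same output byte for bytes 0 and 5 set to d, resp. e (rest 0)? Only k0, k5 matter."""
    return mixcol_out_byte0(d, d, 0, 0, *key) == mixcol_out_byte0(e, e, 0, 0, *key)

def find_collision(key):
    """Query d = 0, 1, 2, ... until an output byte repeats; returns (d, e, queries).
    None only when k0 == k5: then 2*S(d^k) ^ 3*S(d^k) = S(d^k) is a permutation."""
    seen = {}
    for d in range(256):
        v = mixcol_out_byte0(d, d, 0, 0, *key)
        if v in seen:
            return seen[v], d, d + 1
        seen[v] = d
    return None

def key_candidates(d, e):
    """(k0, k5) pairs consistent with a collision of d and e: one byte equation on 16 bits."""
    return {(a, b) for a in range(256) for b in range(256) if collides(d, e, (a, b, 0, 0))}

def expected_queries_until_collision(n=256):
    """Birthday paradox: exact E[T] = sum_k P(T > k), P(T > k) = prod_{i<k} (1 - i/n)."""
    e, all_distinct = 0.0, 1.0
    for k in range(n + 1):
        e, all_distinct = e + all_distinct, all_distinct * (1 - k / n)
    return e
```

Because the k10 and k15 terms cancel in the comparison, a collision pins down only (k0, k5); the differential uniformity of the AES S-box bounds the surviving pairs at 1024, and in practice about 256 remain.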

 



========================================================================

EMAIL DISTRIBUTION LIST: If you wish to continue receiving talk announcements
by email, you can subscribe to our newsletter here:
http://www.hgi.ruhr-uni-bochum.de/newsletter/

DIRECTIONS: Directions to the IC building of the RUB can be found here:
http://www.crypto.ruhr-uni-bochum.de/Kontakt/Kontakt.html

TALKS IN THE SUMMER SEMESTER 2004:
(Abstracts are available here:
 www.crypto.ruhr-uni-bochum.de/Seminare/Krypt/Kryptosose04.html)

 
 19.04.2004, Marc Stevens, ITSC - RUB, 13.00 c.t. IC 4/39,
 "Arithmetic on Hyperelliptic curves of genus 1 and 2"

 26.04.2004, Jonathan Hammell, COSY - RUB, 13.00 c.t. IC 4/39,
 "Recognition in a Low-Power Environment"

 03.05.2004, Kai Schramm, COSY - RUB, 13.00 c.t. IC 4/39,
 "Internal Collisions in AES"

========================================================================

M.Tech. Sandeep Kumar
Chair for Communication Security
Dept. of Electr. Eng. & Information Sciences
Ruhr-University Bochum
44780 Bochum, Germany

URL: www.crypto.rub.de





More information about the Hgi-News-Deutschland mailing list