Research signals safer smart cards
Vin McLellan
vin at theworld.com
Tue Dec 10 14:18:17 EST 2002
At 12/10/02, you wrote:
>On Tue, Dec 10, 2002 at 02:48:54PM +0100, Eugen Leitl wrote:
> >
> > http://www.theregister.co.uk/content/55/28489.html
> >
> > Research signals safer smart cards
> > By ComputerWire
> > Posted: 09/12/2002 at 22:49 GMT
> >
> > [...]
>
>Excuse me, I actually had to look at the above date twice to ensure it
>*really* read 09/12/2002. Where exactly does this announcement contain
>anything that can be considered news? DPA attacks have been known to the
>academic world since at least 1998-1999 as far as I remember.
>
>Must've been a slow news day for the Register, huh?
Yes and no. Cryptography Research is Paul Kocher's company. Obviously the
journalist here encountered DPA and Kocher's other timing attacks for the
first time, so we see the inevitable ga-ga response -- but it is also true
that, according to Kocher, about 90 percent of the current US base of
smartcards (higher outside the US) are not yet adapted to withstand DPA and
other sophisticated attacks that take advantage of secret-key leakage
(i.e., side-channel attacks).
Kocher's patents of leak-resistant crypto -- five so far, several within
the past year -- are still coming out. I think you have the dates right for
the initial publications on DPA, but descriptions of the effective
countermeasures (appropriate to single-chip environments) are new and
should be news.
_Vin
See: Kocher's US Patent 6,381,699, issued April 30, 2002.
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r=1&f=G&l=50&co1=AND&d=ft00&s1='Cryptography+Research,+Inc'.ASNM.&OS=AN/%22Cryptography+Research,+Inc%22&RS=AN/%22Cryptography+Research,+Inc%22
Leak-resistant cryptographic method and apparatus
<snip>
SUMMARY OF THE INVENTION
The present invention introduces leak-proof and leak-resistant
cryptography, mathematical approaches to tamper resistance that support
many existing cryptographic primitives, are inexpensive, can be implemented
on existing hardware (whether by itself or via software capable of running
on such hardware), and can solve problems involving secrets leaking out of
cryptographic devices. Rather than assuming that physical devices will
provide perfect security, leak-proof and leak-resistant cryptographic
systems may be designed to remain secure even if attackers are able to
gather some information about the system and its secrets. This invention
describes leak-proof and leak-resistant systems that implement symmetric
authentication, Diffie-Hellman exponential key agreement, ElGamal public
key encryption, ElGamal signatures, the Digital Signature Standard, RSA,
and other algorithms.
One of the characteristic attributes of a typical leak-proof or
leak-resistant cryptosystem is that it is "self-healing" such that the
value of information leaked to an attacker decreases or vanishes with time.
Leak-proof cryptosystems are able to withstand leaks of up to L_MAX
bits of information per transaction, where L_MAX is a security factor
chosen by the system designer to exceed the maximum anticipated leak
rate. The more general class of leak-resistant cryptosystems includes
leak-proof cryptosystems, and others that can withstand leaks but are not
necessarily defined to withstand any defined maximum information leakage
rate. Therefore, any leak-proof system shall also be understood to be
leak-resistant. The leak-resistant systems of the present invention can
survive a variety of monitoring and eavesdropping attacks that would break
traditional (non-leak-resistant) cryptosystems.
A typical leak-resistant cryptosystem of the present invention consists of
three general parts. The initialization or key generation step produces
secure keying material appropriate for the scheme. The update process
cryptographically modifies the secret key material in a manner designed to
render useless any information about the secrets that may have previously
leaked from the system, thus providing security advantages over systems of
the background art. The final process performs cryptographic operations,
such as producing digital signatures or decrypting messages.
> <snip>
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A Thinking Man's Creed for Crypto _vbm.
* Vin McLellan + The Privacy Guild + <vin at theworld.net> *
22 Beacon St., Chelsea, MA 02150-2672 USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
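The three-part structure in the quoted patent summary (initialise a shared secret, perform the cryptographic operation, then update the secret so that whatever leaked during the transaction goes stale) can be seen in a small simulation. The code below is an added illustration written for this page; it is not Kocher's or Cryptography Research's code, and the HMAC-SHA256 key chain, the challenge-response MAC and the leakage model (the attacker learns one byte of the key in use per transaction, a constructed stand-in for a statistical side channel such as DPA) are all assumptions of the example rather than anything the patent specifies. It contrasts a static key, where leaked bytes accumulate until the attacker can forge, with a per-transaction updated key, where each leak describes a key that is never used again.

```python
"""Toy model of a leak-resistant symmetric authentication: init, operate,
update. The leak() function is a constructed side channel, not a real attack."""
import hashlib
import hmac
import secrets

KEY_BYTES = 16               # 128-bit shared secret (assumed size)


def next_key(key: bytes, counter: int) -> bytes:
    """Update step: one-way derivation of the next key from the current one."""
    msg = b"update|" + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:KEY_BYTES]


def forward(key: bytes, start: int, end: int, updating: bool) -> bytes:
    """Public chain walk from the key used at counter `start` to the one at `end`."""
    if updating:
        for i in range(start, end):
            key = next_key(key, i)
    return key


def auth_tag(key: bytes, counter: int, challenge: bytes) -> bytes:
    """Operation step: MAC over the transaction counter and the challenge."""
    msg = b"auth|" + counter.to_bytes(4, "big") + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


class Token:
    """Device side: holds only the current key and a transaction counter."""
    def __init__(self, k0: bytes, updating: bool):
        self.key, self.counter, self.updating = k0, 0, updating

    def respond(self, challenge: bytes):
        ctr, tag = self.counter, auth_tag(self.key, self.counter, challenge)
        if self.updating:
            self.key = next_key(self.key, ctr)   # leaked info about old key is now stale
        self.counter += 1
        return ctr, tag


class Verifier:
    """Server side: keeps the initial key and re-derives the key for any counter."""
    def __init__(self, k0: bytes, updating: bool):
        self.k0, self.updating, self.last_seen = k0, updating, -1

    def verify(self, challenge: bytes, counter: int, tag: bytes) -> bool:
        if counter <= self.last_seen:            # reject replays / reused counters
            return False
        key = forward(self.k0, 0, counter, self.updating)
        ok = hmac.compare_digest(auth_tag(key, counter, challenge), tag)
        if ok:
            self.last_seen = counter
        return ok


def leak(key: bytes, txn: int):
    """Constructed side channel: transaction `txn` reveals one byte of the key in use."""
    pos = txn % KEY_BYTES
    return pos, key[pos]


def run(updating: bool, txns: int = KEY_BYTES):
    """Run `txns` legitimate authentications while an attacker records every leak,
    then let the attacker forge. Returns (bytes known of the best-known key,
    whether the forgery was accepted)."""
    k0 = secrets.token_bytes(KEY_BYTES)
    token, verifier = Token(k0, updating), Verifier(k0, updating)
    known = {}                                   # key slot -> {byte position: value}
    for _ in range(txns):
        chal = secrets.token_bytes(8)
        ctr = token.counter
        pos, val = leak(token.key, ctr)          # attacker observes the side channel
        _, tag = token.respond(chal)
        if not verifier.verify(chal, ctr, tag):
            raise RuntimeError("legitimate transaction rejected")
        # Static key: every leak describes the same key, so bytes accumulate.
        # Updating key: each leak describes a different key, so they do not.
        slot = ctr if updating else 0
        known.setdefault(slot, {})[pos] = val
    best = max(known, key=lambda c: len(known[c]))
    guess = bytes(known[best].get(i, 0) for i in range(KEY_BYTES))
    forged_key = forward(guess, best, txns, updating)   # chain is public (Kerckhoffs)
    chal = secrets.token_bytes(8)
    accepted = verifier.verify(chal, txns, auth_tag(forged_key, txns, chal))
    return len(known[best]), accepted


if __name__ == "__main__":
    print("static key  :", run(False))   # attacker assembles all 16 bytes and forges
    print("updating key:", run(True))    # attacker never knows more than 1 byte of any key
```

With a static key, sixteen leaky transactions hand the attacker the whole key and the forgery at the next counter verifies; with the update step, the attacker's knowledge of any single key never grows beyond one byte, so the remaining search space stays at 2^120 and the forgery is rejected. The verifier here re-derives keys by walking the chain from the initial secret, which costs O(counter) per check; a deployed design would cache the current key or use a structure that allows cheaper lookup, but that is an engineering choice outside what the summary describes.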