Research signals safer smart cards

Vin McLellan vin at theworld.com
Tue Dec 10 14:18:17 EST 2002


At 12/10/02, you wrote:
>On Tue, Dec 10, 2002 at 02:48:54PM +0100, Eugen Leitl wrote:
> >
> > http://www.theregister.co.uk/content/55/28489.html
> >
> > Research signals safer smart cards
> > By ComputerWire
> > Posted: 09/12/2002 at 22:49 GMT
> >
> > [...]
>
>Excuse me, I actually had to look at the above date twice to ensure it *really*
>read 09/12/2002. Where exactly does this announcement contain anything that can
>be considered news?  DPA attacks have been known to the academic world since at
>least 1998-1999 as far as I remember.
>
>Must've been a slow news day for the Register, huh?

Yes and no. Cryptography Research is Paul Kocher's company. Obviously the 
journalist here encountered DPA and Kocher's other timing attacks for the 
first time, so we see the inevitable ga-ga response -- but it is also true 
that, according to Kocher, about 90 percent of the current US base of 
smartcards (higher outside the US) are not yet adapted to withstand DPA and 
other sophisticated attacks that take advantage of secret-key leakage 
(i.e., side-channel attacks).

Kocher's patents of leak-resistant crypto -- five so far, several within 
the past year -- are still coming out. I think you have the dates right for 
the initial publications on DPA, but descriptions of the effective 
countermeasures (appropriate to single-chip environments) are new and 
should be news.

_Vin

See: Kocher's US Patent 6,381,699, issued April 30, 2002.
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r=1&f=G&l=50&co1=AND&d=ft00&s1='Cryptography+Research,+Inc'.ASNM.&OS=AN/%22Cryptography+Research,+Inc%22&RS=AN/%22Cryptography+Research,+Inc%22

Leak-resistant cryptographic method and apparatus

<snip>
SUMMARY OF THE INVENTION

The present invention introduces leak-proof and leak-resistant 
cryptography, mathematical approaches to tamper resistance that support 
many existing cryptographic primitives, are inexpensive, can be implemented 
on existing hardware (whether by itself or via software capable of running 
on such hardware), and can solve problems involving secrets leaking out of 
cryptographic devices. Rather than assuming that physical devices will 
provide perfect security, leak-proof and leak-resistant cryptographic 
systems may be designed to remain secure even if attackers are able to 
gather some information about the system and its secrets. This invention 
describes leak-proof and leak-resistant systems that implement symmetric 
authentication, Diffie-Hellman exponential key agreement, ElGamal public 
key encryption, ElGamal signatures, the Digital Signature Standard, RSA, 
and other algorithms.

One of the characteristic attributes of a typical leak-proof or 
leak-resistant cryptosystem is that it is "self-healing" such that the 
value of information leaked to an attacker decreases or vanishes with time. 
Leak-proof cryptosystems are able to withstand leaks of up to L_MAX 
bits of information per transaction, where L_MAX is a security factor 
chosen by the system designer to exceed the maximum anticipated leak 
rate. The more general class of leak-resistant cryptosystems includes 
leak-proof cryptosystems, and others that can withstand leaks but are not 
necessarily defined to withstand any defined maximum information leakage 
rate. Therefore, any leak-proof system shall also be understood to be 
leak-resistant. The leak-resistant systems of the present invention can 
survive a variety of monitoring and eavesdropping attacks that would break 
traditional (non-leak-resistant) cryptosystems.

A typical leak-resistant cryptosystem of the present invention consists of 
three general parts. The initialization or key generation step produces 
secure keying material appropriate for the scheme. The update process 
cryptographically modifies the secret key material in a manner designed to 
render useless any information about the secrets that may have previously 
leaked from the system, thus providing security advantages over systems of 
the background art. The final process performs cryptographic operations, 
such as producing digital signatures or decrypting messages.

<snip>

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A Thinking Man's Creed for Crypto  _vbm.

  *     Vin McLellan + The Privacy Guild + <vin at theworld.net>    *
             22 Beacon St., Chelsea, MA 02150-2672 USA
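The three-part structure in the quoted patent summary (key generation, a key update that retires whatever has leaked, and the cryptographic operation itself) is easier to see in working code. The following is an added example, not code from the patent, from Kocher or from Cryptography Research: the SHA-256 key update, the HMAC operation, the "one key byte leaks per transaction" side-channel model, the counter-based message format and every name in it are this example's own assumptions. It pits the same simulated attacker against a static-key token (the "background art") and an updating one.

```python
"""Added illustration of the leak-resistant scheme's three parts: keygen, update, operate.
Assumed constructions throughout; not the patent's own algorithms."""
import hashlib
import hmac
import os

KEY_LEN = 32  # bytes; the constructed side channel leaks one key byte per transaction


def keygen():
    """Part 1: initialization. Shared secret for token and verifier (assumed 256-bit)."""
    return os.urandom(KEY_LEN)


def update_key(key, counter):
    """Part 2: update. One-way derivation of the next key (assumed: SHA-256 over a label,
    the counter and the old key). Bits leaked from the old key say nothing about the new one."""
    return hashlib.sha256(b"key-update|" + counter.to_bytes(4, "big") + key).digest()


def tag(key, counter, message):
    """Part 3: operation. Here symmetric authentication: HMAC over (counter, message)."""
    return hmac.new(key, counter.to_bytes(4, "big") + message, hashlib.sha256).digest()


class Token:
    """Device side. leak_resistant=False keeps one static key for its whole life."""

    def __init__(self, key, leak_resistant):
        self.key, self.counter, self.leak_resistant = key, 0, leak_resistant

    def authenticate(self, message):
        ctr = self.counter
        t = tag(self.key, ctr, message)
        # Constructed leak model: transaction ctr exposes byte (ctr mod 32) of the key in use,
        # as a DPA campaign that recovers one key byte per set of traces might.
        leak = (ctr, ctr % KEY_LEN, self.key[ctr % KEY_LEN])
        if self.leak_resistant:
            self.key = update_key(self.key, ctr)  # retire the key that just leaked
        self.counter += 1
        return ctr, t, leak


class Verifier:
    """Server side. Mirrors the key schedule and only moves forward (rejects stale counters)."""

    def __init__(self, key, leak_resistant):
        self.key, self.counter, self.leak_resistant = key, 0, leak_resistant

    def verify(self, counter, message, t):
        if counter < self.counter:
            return False  # replay or out-of-order
        key = self.key
        if self.leak_resistant:
            for c in range(self.counter, counter):  # catch up on skipped transactions
                key = update_key(key, c)
        ok = hmac.compare_digest(tag(key, counter, message), t)
        if ok:
            self.counter = counter + 1
            if self.leak_resistant:
                self.key = update_key(key, counter)
        return ok


class Attacker:
    """Accumulates leaked bytes, indexed by the key epoch they describe."""

    def __init__(self, leak_resistant):
        self.known, self.leak_resistant = {}, leak_resistant

    def observe(self, leak):
        ctr, pos, val = leak
        epoch = ctr if self.leak_resistant else 0  # static key: every leak is about K_0
        self.known.setdefault(epoch, {})[pos] = val

    def recovered_key(self, counter):
        """Key valid at `counter`, if any fully leaked key lets the attacker reach it."""
        for epoch in sorted(self.known):
            bs = self.known[epoch]
            if len(bs) == KEY_LEN and epoch <= counter:
                key = bytes(bs[i] for i in range(KEY_LEN))
                if self.leak_resistant:  # a whole past key can be walked forward
                    for c in range(epoch, counter):
                        key = update_key(key, c)
                return key
        return None

    def forge(self, counter, message):
        key = self.recovered_key(counter)
        return None if key is None else tag(key, counter, message)


def simulate(leak_resistant, transactions=KEY_LEN):
    """Run legitimate authentications, then let the attacker try the next counter.
    Returns (all_legit_accepted, attacker_holds_full_key, forgery_accepted)."""
    k0 = keygen()
    token, verifier = Token(k0, leak_resistant), Verifier(k0, leak_resistant)
    adv, legit_ok = Attacker(leak_resistant), True
    for i in range(transactions):
        msg = b"challenge-%d" % i  # constructed challenge
        ctr, t, leak = token.authenticate(msg)
        legit_ok = legit_ok and verifier.verify(ctr, msg, t)
        adv.observe(leak)
    forged = adv.forge(transactions, b"attacker-chosen")
    accepted = forged is not None and verifier.verify(transactions, b"attacker-chosen", forged)
    return legit_ok, forged is not None, accepted


if __name__ == "__main__":
    print("static key:    ", simulate(False))
    print("updating key:  ", simulate(True))
```

With the static key, 32 one-byte leaks add up to the whole key and the 33rd transaction is forgeable; with the update step, each leaked byte describes a key that is already retired, so the attacker never assembles a complete current key. The caveat is visible in `recovered_key`: the update is a one-way function, not a backdoor for the defender, so if an entire key ever leaks in one transaction the attacker can walk it forward indefinitely. That is why the summary ties the guarantee to a designer-chosen L_MAX that must exceed the real per-transaction leak rate.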

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com