中国邮电高校学报(英文) ›› 2009, Vol. 16 ›› Issue (1): 81-85.doi: 10.1016/S1005-8885(08)60183-1

• Artificial Intelligence • 上一篇    下一篇

Timing and hamming weight attacks on minimal cost encryption scheme

袁征,温巧燕,王玮,ZHANG Hua   

  1. Department of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070, China
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-02-26
  • 通讯作者: 温巧燕

Timing and hamming weight attacks on minimal cost encryption scheme

YUAN Zheng, WEN Qiao-yan, WANG Wei, ZHANG Hua   

  1. Department of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-02-26
  • Contact: WEN Qiao-yan

摘要:

The timing and Hamming weight attacks on the data encryption standard (DES) cryptosystem for minimal cost encryption scheme is presented in this article. In the attack, timing information on encryption processing is used to select and collect effective plaintexts for attack. Then the collected plaintexts are utilized to infer the expanded key differences of the secret key, from which most bits of the expanded secret key are recovered. The remaining bits of the expanded secret key are deduced by the correlations between Hamming weight values of the input of the S-boxes in the first-round. Finally, from the linear relation of the encryption time and the secret key’s Hamming weight, the entire 56 bits of the secret key are thoroughly recovered.
Using the attack, the minimal cost encryption scheme can be broken with known plaintexts and about calculations at a success rate . The attack has lower computing complexity, and the method is more effective than other previous methods.

关键词:

timing;and;hamming;weight;attacks,;DES,;minimal;cost;encryption;scheme,;digital;right;management;(DRM)

Abstract:

The timing and Hamming weight attacks on the data encryption standard (DES) cryptosystem for minimal cost encryption scheme is presented in this article. In the attack, timing information on encryption processing is used to select and collect effective plaintexts for attack. Then the collected plaintexts are utilized to infer the expanded key differences of the secret key, from which most bits of the expanded secret key are recovered. The remaining bits of the expanded secret key are deduced by the correlations between Hamming weight values of the input of the S-boxes in the first-round. Finally, from the linear relation of the encryption time and the secret key’s Hamming weight, the entire 56 bits of the secret key are thoroughly recovered.
Using the attack, the minimal cost encryption scheme can be broken with known plaintexts and about calculations at a success rate . The attack has lower computing complexity, and the method is more effective than other previous methods.

Key words:

timing and hamming weight attacks;DES;minimal cost encryption scheme;digital right management (DRM)