Algorithm Level Evaluation of Cryptosystem Resistance to Second-Order DPA

A. Sasaki and K. Abe (Japan)


Side-Channel Attack, Differential Power Analysis, Ham ming weight, Simulation, Evaluation of Countermeasures, DES


In a previous study, we verified by simulation at the tran sistor level that the difference in power consumptions in Differential Power Analysis (DPA) can be approximated by using the Hamming weight of the bit string that includes an attacked bit position. Based on that verification, we pro posed an algorithm-level method for evaluating the resis tance of cryptosystems to DPA attacks and demonstrated the effectiveness of the method by applying it to a first order DPA-resistance evaluation of Data Encryption Stan dard (DES) implementations. In this paper, we apply this method to second-order DPA and show that the simulation results are consistent with the experimental results of at tacks against a smartcard. We also show that using the simulation method we can quantitatively evaluate the re sistance of the DES algorithm and its countermeasures to second-order DPA. This method is faster than other meth ods used at the RTL and downstream levels and is useful for quantitatively evaluating the resistance of countermea sures to DPA at the upstream level of cryptosystem design.

Important Links:

Go Back