Cache timing attack on SMS4

Bibliographic Details
Main Authors: ZHAO Xin-jie, WANG Tao, ZHENG Yuan-yuan
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2010-01-01
Series:Tongxin xuebao
Online Access:http://www.joconline.com.cn/zh/article/74647708/
Description
Summary: Two access-driven cache timing analysis methods, targeting both the first four rounds and the last four rounds of SMS4 encryption, are proposed and discussed. On the precondition of not interfering with SMS4 encryption, a spy process is designed to gather the cache sets related to the lookup table that were not accessed during the first four rounds and the last four rounds of SMS4 encryption. These un-accessed sets are then transformed into impossible lookup table indices and combined with the plaintext or ciphertext to derive the impossible key byte candidates; finally, the initial SMS4 key is recovered. Experimental results demonstrate that the shared cache space between processes and the structure of the SMS4 lookup table together make SMS4 vulnerable to cache timing attack: about 80 samples are enough to recover the full 128-bit SMS4 key in both the first-four-rounds attack and the last-four-rounds attack, so it is necessary to take countermeasures against this kind of attack.
ISSN:1000-436X