Side Channel Cryptanalysis of Product Ciphers
Journal of Computer Security, 1998
Abstract

Cited by 110 (7 self)
Building on the work of Kocher [Koc96], Jaffe, and Yun [KJY98], we discuss the notion of side-channel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of side-channel attacks and the vulnerabilities they introduce, demonstrate side-channel attacks against three product ciphers (a timing attack against IDEA, a processor-flag attack against RC5, and a Hamming-weight attack against DES), and then generalize our research to other cryptosystems.
Cryptanalysis of Ciphers and Protocols
Abstract

Cited by 3 (0 self)
The research thesis was done under the supervision of Prof. Eli Biham in the Faculty of Computer Science. It is my privilege to thank Eli Biham for his insightful support that made this work possible, and for bringing me up as a scientist and researcher. I especially acknowledge Eli for his respect and trust, and for providing me with a very high degree of independence. Eli found the golden path among education, rigorousness, and care. His unique ability to quickly communicate anything in a personal (and sometimes playful) way always leaves me with a smile on my face. I am thankful to Adi Shamir for our fruitful collaboration, for being highly available around the clock (and around the globe), and for his patience and his wisdom. I acknowledge Nathan Keller for his wonderful and helpful curiosity, and for being an amazing brainmaker. It is a pleasure to thank my colleagues at the Technion, Orr Dunkelman and Rafi Chen, for fruitful discussions and for the wonderful time we had together. I feel that no words can express my deep gratitude to my loving family, which
MV3: A new word based stream cipher using rapid mixing and revolving buffers
2006
Abstract

Cited by 2 (1 self)
mv3 is a new word-based stream cipher for encrypting long streams of data. A direct adaptation of a byte-based cipher such as rc4 into a 32- or 64-bit word version will obviously need vast amounts of memory. This scaling issue necessitates a look for new components and principles, as well as mathematical analysis to justify their use. Our approach, like rc4's, is based on rapidly mixing random walks on directed graphs (that is, walks which reach a random state quickly, from any starting point). We begin with some well-understood walks, and then introduce nonlinearity in their steps in order to improve security and show that long-term statistical correlations are negligible. To minimize the short-term correlations, as well as to deter attacks using equations involving successive outputs, we provide a method for sequencing the outputs derived from the walk using three revolving buffers. The cipher is fast: it runs at a speed of less than 5 cycles per byte on a Pentium IV processor. A word based
Generalised Cycling Attacks on RSA
Abstract
Given an RSA modulus $n$, a ciphertext $c$ and the encryption exponent $e$, one can construct the sequence $x_0 = c \bmod n$, $x_{i+1} = x_i^e \bmod n$, $i = 0, 1, \ldots$ until $\gcd(x_{i+1} - x_0, n) \neq 1$ or $i > B$, $B$ a given boundary. If i B, there are two cases. Case 1: $\gcd(x_{i+1} - x_0, n) = n$. In this case $x_i = m$ and the secret message $m$ can be recovered. Case 2: $1 \neq \gcd(x_{i+1} - x_0, n) \neq n$. In this case, the RSA modulus $n$ can be factorised. If i B, then Case 2 is much more likely to occur than Case 1. This attack is called a cycling attack. We introduce some new generalised cycling attacks. These attacks work without the knowledge of $e$ and $c$. Therefore, these attacks can be used as factorisation algorithms. We introduce Lucas sequences $V(P, 1)$, the Carmichael function $(\cdot)$ and we define the $\Omega(\cdot, \cdot)$ function. The attacks involve Lucas sequences. The Carmichael and the Omega functions then describe an upper bound of the complexity of the attacks. We als...