## Improved Side-Channel Collision Attacks on AES

Citations: 14 - 3 self

### Citations

62 | A Side-Channel Analysis Resistant Description
- Oswald, Mangard, et al.
- 2005
Citation Context ...atio. Note that our collision attack, as any other power analysis attack, can be significantly hampered or even made impossible by minimizing the signal-to-noise ratio, using sound masking techniques [8], [9] or advanced clock randomizing methods [10]. However, the collision attack is likely to break through basic time randomization countermeasures such as simple random wait states, which can be dete...

28 | C.: A Collision-Attack on AES: Combining Side Channel- and Differential-Attack.
- Schramm, Leander, et al.
- 2004
Citation Context ...Bogdanov Chair for Communication Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. Side-channel collision attacks were proposed in [1] and applied to AES in [2]. These are based on detecting collisions in certain positions of the internal state after the first AES round for different executions of the algorithm. The attack needs about 40 measurements and 512...

26 | A new class of collision attacks and its application to DES
- Schramm, Wollinger, et al.
Citation Context ...ion Attacks on AES Andrey Bogdanov Chair for Communication Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. Side-channel collision attacks were proposed in [1] and applied to AES in [2]. These are based on detecting collisions in certain positions of the internal state after the first AES round for different executions of the algorithm. The attack needs abo...

26 | Probabilistic Methods in Combinatorial Analysis, volume 56
- Sachkov
- 1997
Citation Context ...s Proposition 4. Let $G$ be a random graph with $n$ labeled vertices and $N = \lfloor \frac{1}{2} n \log n + cn \rfloor$ for some constant $c$. Let $q = q_{n,N}$ be the number of connected components in $G$. Then: $\lim_{n \to \infty} \Pr\{q = i + 1\} = \frac{(e^{-2c})^i}{i!} \exp\left(-e^{-2c}\right)$. Proof. See Theorem 2.3 in [5]. Unfortunately, the estimate of Proposition 4 for the number of connected components cannot be directly applied for $S_m$, since its associated grap...

12 | F.: Enhancing Collision Attacks.
- Ledig, Muller, et al.
- 2004
Citation Context ...amework and practical feasibility of our attacks. We conclude in Section 5. 2 Basic Collision Attack on AES Side-channel collision attacks were proposed for the case of the DES in [1] and enhanced in [4]. AES was attacked using collision techniques in [2]. This side-channel collision attack on AES is based on detecting internal one-byte collisions in the MixColumns transformation in the first AES roun...

12 | An efficient masking scheme for aes software implementations.
- Oswald, Schramm
- 2006
Citation Context ... Note that our collision attack, as any other power analysis attack, can be significantly hampered or even made impossible by minimizing the signal-to-noise ratio, using sound masking techniques [8], [9] or advanced clock randomizing methods [10]. However, the collision attack is likely to break through basic time randomization countermeasures such as simple random wait states, which can be detected ...

3 | T.: Collision Attacks on Alpha-MAC and Other AES-based MACs
- Biryukov, Bogdanov, et al.
- 2007
Citation Context ... applications within AES possible, the AES implementation has to satisfy the property that all instances of the AES S-box are implemented in a similar way. The requirement is not necessary for [2] or [3]. This is the only difference of our technical framework with respect to that in [2] or [3]. Note that this requirement is very likely to be fulfilled in low-end real-world embedded systems, which are...

2 | S.: An AES Implementation Resistant to Power Analysis Attacks.
- Herbst, Oswald, et al.
- 2006
Citation Context ...her power analysis attack, can be significantly hampered or even made impossible by minimizing the signal-to-noise ratio, using sound masking techniques [8], [9] or advanced clock randomizing methods [10]. However, the collision attack is likely to break through basic time randomization countermeasures such as simple random wait states, which can be detected using SPA or alignment techniques. 5 Conclu...

1 | R.E.: Linear expected-time algorithms for connectivity problems
- Karp, Tarjan
- 1980
Citation Context ...4 0.991 0.999 1.000 1.000 1.000 Offline complexity ≤ 48 bit 43.90 45.50 44.30 41.14 30.32 21.36 12.11 8 Success probability ≤ 48 bit 0.092 0.548 0.927 0.997 0.999 1.000 1.000 1.000 Tarjan’s algorithm [7] for finding connected components of a graph. Note that the expected complexity of this algorithm is $O(n)$, that is, linear in the number of vertices. For each number of measurements we performed $2^{16}$ s...