Cryptography Research scientist to give talk on security against Differential Power Analysis attacks

SAN FRANCISCO, California — September 7, 2007 — Cryptography Research, Inc. (CRI), today announced that Josh Jaffe, Research Scientist, will give a talk on a novel approach applying Differential Power Analysis to the AES algorithm at CHES 2007 in Vienna, Austria, September 11.

CHES is the leading cryptographic forum for research related to the security of tamper-resistant devices. The annual event examines new methods for protecting hardware and software for embedded systems, including smart cards and secure microprocessors, and is in its ninth year. In addition to presenting research results, CRI is also sponsoring this year’s conference and will demonstrate its DPA Workstation™ system at the conference.

Simple power analysis (SPA) and differential power analysis (DPA) attacks find keys and other secrets by exploiting information leaked through variations in the amount of electrical power consumed by cryptographic devices. SPA involves direct observation of power consumption measurements, while DPA uses statistical techniques to extract keys from smaller variations within a set of power consumption measurements collected over many operations. Effective countermeasures to power analysis attacks are required to prevent adversaries from duplicating ID cards, accessing private communications systems, stealing digital content, or mounting other attacks. SPA, DPA and related attacks were first discovered at Cryptography Research by Paul Kocher, Joshua Jaffe and Benjamin Jun.

“We are delighted to be supporting CHES and the efforts of other researchers in cryptosystems once again this year,” said Paul Kocher, President and Chief Scientist at CRI. “We continue to be actively engaged in power analysis research and look forward to this year’s conference.”

Jaffe will present in the opening session on Differential and Higher Order attacks on Tuesday, September 11, 2007, with a technical paper entitled: “A First-Order Differential Power Analysis (DPA) Attack Against AES in Counter Mode and Unknown Initial Counter”. AES Counter Mode is used in a variety of commercial and government applications and is described in “Draft Special Publication 800-38D” from the National Institute of Standards, which is available from http://csrc.nist.gov/CryptoToolkit/modes/ModesPage.html. Jaffe’s paper shows that, even if the AES inputs and outputs data and initial counter value are unknown to an adversary, DPA can be used to extract secret keys from devices using AES counter mode. The paper also shows how to perform DPA attacks in situations where much of the message data is constant over the collected set of traces.

For more information about the CHES conference, please consult: http://www.iacr.org/workshops/ches/