1996-11-21 - Re: Anderson & Kuhn’s “Improved DFA” paper

Header Data

From: stewarts@ix.netcom.com
To: cypherpunks@toad.com
Message Hash: db99a696baa866c67d0fa3f196b22c466cf6f97a659ca0841b12b65dfb020678
Message ID: <1.5.4.32.19961121080842.003dcb34@popd.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-11-21 05:09:16 UTC
Raw Date: Wed, 20 Nov 1996 21:09:16 -0800 (PST)

Raw message

From: stewarts@ix.netcom.com
Date: Wed, 20 Nov 1996 21:09:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anderson & Kuhn's "Improved DFA" paper
Message-ID: <1.5.4.32.19961121080842.003dcb34@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


HP just announced their big new plans for international exportable crypto
using tamperproof PCMCIA smartcards with multiple tamperproof GAK plugins.
Anderson & Kuhn just announced the latest in a series of attacks on 
"tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.
Obviously it must be a conspiracy :-)

It's also an opportunity for some well-timed press releases.
Clipper 1's reputation was severely damaged by Matt's attack.
Anybody know if HP's giving out samples, and if there are real or test
GAK plugins for them?

HP URL http://www.dmo.hp.com/gsy/security/icf/main.html

The paper was posted to coderpunks, and it's on 
        ftp://ftp.cl.cam.ac.uk/users/rja14/dfa
Here's the intro:
---------------------------------------------------------------------
                   Improved Differential Fault Analysis

                      Ross J Anderson, Markus G Kuhn

In [1], Biham and Shamir announce an attack on DES based on 200 ciphertexts 
in which one-bit errors have been induced by environmental stress. 
Here we show an attack that requires less than ten ciphertexts. 
Furthermore, our attack is practical in that it uses a fault model that 
has been implemented in attacks on real smartcards.

In [2], Biham and Shamir show how their method can be extended to reverse
engineer algorithms whose structure is unknown.  Our attack can also be 
extended to such cases and is more efficient there too. 
In [3], Boneh, DeMillo and Lipton discuss how such techniques can be used
to attack RSA. Again, their attack is theoretical only;
we show how to do it in practice.

--------------------------------------------------------------------------

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)
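As an added example (not part of Bill's post, nor code from the Anderson & Kuhn paper), the Python below works through the RSA case the quoted intro attributes to Boneh, DeMillo and Lipton in [3]: when a CRT implementation computes the signature separately modulo p and modulo q and a transient fault corrupts one of the two halves, the recombined signature is still correct modulo the unfaulted prime, so a gcd factors the modulus from a single bad output. The toy Mersenne-prime key, the message, and the single-bit-flip fault model are constructed assumptions, chosen so the arithmetic is easy to check; the self-checking signer at the end is the standard countermeasure, not something the paper excerpt describes.

```python
"""Fault attack on RSA-CRT signatures (Boneh-DeMillo-Lipton style), added example.

Everything here is constructed for illustration: a toy key, a made-up message,
and a fault model in which one bit of one CRT half is flipped before recombination.
"""
from math import gcd

# Constructed toy key: two Mersenne primes, so primality is not in doubt and
# gcd(E, (P-1)(Q-1)) = 1 (65537 divides 2^n - 1 only when 32 | n).
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+


def crt_sign(m, p, q, d, fault_bit=None, fault_half="q"):
    """RSA-CRT signature of m. If fault_bit is given, flip that bit of the chosen
    half's intermediate result, modelling a single transient error during the
    exponentiation modulo one prime (the assumed fault model)."""
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault_bit is not None:
        if fault_half == "p":
            sp ^= 1 << fault_bit
        else:
            sq ^= 1 << fault_bit
    # Garner recombination: s = sq + q * ((sp - sq) * q^-1 mod p), so that
    # s = sp (mod p) and s = sq (mod q) whatever values the halves hold.
    h = ((sp - sq) * pow(q, -1, p)) % p
    return (sq + q * h) % (p * q)


def factor_from_faulty_signature(s_faulty, m, e, n):
    """One faulty signature plus the signed message suffices: the half that was
    computed correctly still satisfies s^e = m modulo its prime, the corrupted
    half does not, so gcd(s^e - m, n) isolates the unfaulted prime."""
    g = gcd(pow(s_faulty, e, n) - m, n)
    return g if 1 < g < n else None


def factor_from_signature_pair(s_good, s_faulty, n):
    """Variant that needs no knowledge of m: a correct and a faulty signature of
    the same message agree modulo the unfaulted prime only, so gcd(s - s', n)
    reveals that prime."""
    g = gcd(s_good - s_faulty, n)
    return g if 1 < g < n else None


def crt_sign_checked(m, p, q, d, e, **fault):
    """Countermeasure: verify with the public exponent before releasing anything.
    A faulty result is suppressed, so the attacker never gets a signature to
    take a gcd with (at the cost of one extra public-key operation)."""
    s = crt_sign(m, p, q, d, **fault)
    if pow(s, e, p * q) != m:
        raise RuntimeError("signature self-check failed; output suppressed")
    return s


def run_attack(fault_bit=5, fault_half="q"):
    """Sign a constructed message once correctly and once with an induced fault,
    then recover a prime factor of N both ways. Returns the recovered factors."""
    m = 0x5AFEC0DE  # constructed message (in a real system: the padded hash)
    s_good = crt_sign(m, P, Q, D)
    s_bad = crt_sign(m, P, Q, D, fault_bit=fault_bit, fault_half=fault_half)
    return {
        "faulted_half": fault_half,
        "good_sig_verifies": pow(s_good, E, N) == m,
        "from_one_faulty_sig": factor_from_faulty_signature(s_bad, m, E, N),
        "from_pair": factor_from_signature_pair(s_good, s_bad, N),
    }


if __name__ == "__main__":
    result = run_attack()
    print(result)
    print("recovered P:", result["from_one_faulty_sig"] == P)
```

A fault in the q-half yields P, a fault in the p-half yields Q; with either prime in hand, D follows from E. Note that the bit position does not matter: any change to one half's residue is enough, which is why this attack tolerates a very crude fault model.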