Lecture Notes in Computer Science 2779
Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

Springer
Berlin Heidelberg New York Hong Kong London Milan Paris Tokyo

Colin D. Walter, Çetin K. Koç, Christof Paar (Eds.)

Cryptographic Hardware and Embedded Systems – CHES 2003
5th International Workshop
Cologne, Germany, September 8-10, 2003
Proceedings

Series Editors
Gerhard Goos, Karlsruhe University, Germany
Juris Hartmanis, Cornell University, NY, USA
Jan van Leeuwen, Utrecht University, The Netherlands

Volume Editors
Colin D. Walter, Comodo Research Lab, Bradford BD7 1DQ, UK
Çetin K. Koç, Oregon State University, Corvallis, Oregon 97330, USA
Christof Paar, Ruhr-Universität Bochum, 44780 Bochum, Germany

Cataloging-in-Publication Data applied for
A catalog record for this book is available from the Library of Congress.
Bibliographic information published by Die Deutsche Bibliothek
Die Deutsche Bibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data is available in the Internet at <http://dnb.ddb.de>.

CR Subject Classification (1998): E.3, C.2, C.3, B.7.2, G.2.1, D.4.6, K.6.5, F.2.1, J.2
ISSN 0302-9743
ISBN 3-540-40833-9 Springer-Verlag Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law.
Springer-Verlag Berlin Heidelberg New York
a member of BertelsmannSpringer Science+Business Media GmbH
http://www.springer.de
© Springer-Verlag Berlin Heidelberg 2003
Printed in Germany
Typesetting: Camera-ready by author, data conversion by PTP-Berlin GmbH
Printed on acid-free paper
SPIN: 10931455 06/3142 543210

Preface

These are the proceedings of CHES 2003, the fifth workshop on Cryptographic Hardware and Embedded Systems, held in Cologne on September 8–10, 2003. As with every previous workshop, there was a record number of submissions despite the much earlier deadline in this year's call for papers. This is a clear indication of the growing international importance of the scope of the conference and the relevance of the subject material to both industry and academia. The increasing competition for presenting at the conference has led to many excellent papers and a higher standard overall. From the 111 submissions, time constraints meant that only 32 could be accepted. The program committee worked very hard to select the best. However, at the end of the review process there were a number of good papers – which it would like to have included but for which, sadly, there was insufficient space.

In addition to the accepted papers appearing in this volume, there were three invited presentations from Hans Dobbertin (Ruhr-Universität Bochum, Germany), Adi Shamir (Weizmann Institute, Israel), and Frank Stajano (University of Cambridge, UK), and a panel discussion on the effectiveness of current hardware and software countermeasures against side channel leakage in embedded cryptosystems.

As always, the focus of the workshop is on practical aspects of cryptographic hardware and embedded system security. A number of contributions pursue ideas on the efficient use of resources (such as time, chip area, or power) within constrained devices such as smart cards. These treat a wide range of applications, including true random number generators, finite field and modular arithmetic, and symmetric ciphers. Most of the remaining papers are concerned with leakage of secret key data via side channels such as time, power, or electromagnetic radiation, or through fault induction. Some of the contributions show how to extract the secret key in particular circumstances, others are more generic methodologies. These are complemented by other papers which provide countermeasures for increased resistance against such attacks. Applications include all the standard cryptosystems, both symmetric and public key, as well as some less well known ciphers. Another point of interest is the extension to hyperelliptic cryptosystems.

The CHES workshop series is now firmly established as an international forum for intellectual exchange in creating the secure, reliable, and robust security solutions which are required nowadays. CHES will continue to deal with the pressing hardware and software implementation issues as more and more systems and applications are developed which require encryption or authentication.

We would like to thank Irmgard Kühn (Ruhr-Universität Bochum, Germany) for her help with the local organization and André Weimerskirch (also from Bochum) for his help again with the CHES website (www.chesworkshop.org) and Gökay Saldamlı and Colin van Dyke (both from Oregon State University) for their help in preparing the proceedings.

June 2003
Colin D. Walter
Çetin K. Koç
Christof Paar

Acknowledgements

The organizers express their thanks to the program committee and the external referees for their help in getting the best quality papers selected, and also the companies which provided support to the workshop.
The program committee members for CHES 2003:
– Ross Anderson, University of Cambridge, UK
– Beni Arazi, Louisiana State University, USA
– Jean-Sébastien Coron, Gemplus, France
– Craig Gentry, DoCoMo Communications Laboratories, USA
– Jim Goodman, Engim Canada Inc., Canada
– Louis Goubin, SchlumbergerSema, France
– Anwar Hasan, University of Waterloo, Canada
– Kouichi Itoh, Fujitsu Laboratories Ltd, Japan
– Marc Joye, Gemplus, France
– Seungjoo Kim, Korea Information Security Agency, Korea
– François Koeune, Université catholique de Louvain, Belgium
– Peter Kornerup, University of Southern Denmark, Odense, Denmark
– Pil Joong Lee, Pohang University of Science and Technology, Korea
– Katsuyuki Okeya, Hitachi, Japan
– Bart Preneel, Katholieke Universiteit Leuven, Belgium
– Vincent Rijmen, Cryptomathic, Belgium and Graz University of Technology, Austria
– Kouichi Sakurai, Kyushu University, Japan
– Erkay Savaş, Sabanci University, Turkey
– Werner Schindler, Bundesamt für Sicherheit in der Informationstechnik, Germany
– Jean-Pierre Seifert, Infineon Technologies AG, Germany
– Berk Sunar, Worcester Polytechnic Institute, USA
– Tsuyoshi Takagi, Technische Universität Darmstadt, Germany
– Elena Trichina, University of Kuopio, Finland
– Ingrid Verbauwhede, University of California, Los Angeles, USA
– Sung-Ming Yen, National Central University, Taiwan

The external referees:
– Toru Akishita (Sony Corporation, Japan)
– Mehdi-Laurent Akkar (Schlumberger Smart Cards, France)
– Seigo Arita (NEC Corporation, Japan)
– Harald Baier (Technische Universität Darmstadt, Germany)
– Claude Barral (Gemplus, France)
– Régis Bevan (Oberthur Card Systems, France)
– Mike Bond (University of Cambridge, UK)
– Antoon Bosselaers (Katholieke Universiteit Leuven, Belgium)
– Eric Brier (Gemplus, France)
– Benoit Chevallier-Mames (Gemplus, France)
– Jaewook Chung (University of Waterloo, Canada)
– Charles Clancy (University of Illinois, Urbana-Champaign, USA)
– Nicolas Courtois (Schlumberger Smart Cards, France)
– Evelyne Dewitte (Katholieke Universiteit Leuven, Belgium)
– Jean-François Dhem (Gemplus, France)
– Nevine Ebeid (University of Waterloo, Canada)
– Itamar Elhanany (Ben-Gurion University, Israel)
– Wieland Fischer (Infineon Technologies AG, Germany)
– Jacques Fournier (Gemplus, France)
– Shinobu Fujita (Toshiba Corporation, Japan)
– Soichi Furuya (Hitachi Ltd., Japan)
– Berndt Gammel (Infineon Technologies AG, Germany)
– Christophe Giraud (Oberthur Card Systems, France)
– Johann Groszschaedl (Technische Universität Graz, Austria)
– Jorge Guajardo (Ruhr-Universität Bochum, Germany)
– Sang Yun Han (Pohang University of Science and Technology, Korea)
– Helena Handschuh (Gemplus, France)
– Marko Hassinen (University of Kuopio, Finland)
– Alireza Hodjat (University of California, Los Angeles, USA)
– David Hwang (University of California, Los Angeles, USA)
– Yong Ho Hwang (Pohang University of Science and Technology, Korea)
– Tetsuya Izu (Fujitsu Laboratories Ltd., Japan)
– Ji Hyun Jung (Pohang University of Science and Technology, Korea)
– Chong Hee Kim (Pohang University of Science and Technology, Korea)
– Ki Hyun Kim (Pohang University of Science and Technology, Korea)
– Masanobu Koike (Toshiba Corporation, Japan)
– Sandeep Kumar (Ruhr-Universität Bochum, Germany)
– Noboru Kunihiro (The University of Electro-Communications, Japan)
– Eonkyung Lee (Korea Information Security Agency, Korea)
– Sungjae Lee (Korea Information Security Agency, Korea)
– Philippe Loubet-Moundi (Gemplus, France)
– Jonathan Lutz (University of Waterloo, Canada)
– Raimondo Luzzi (Infineon Technologies AG, Germany)
– Bodo Möller (Technische Universität Darmstadt, Germany)
– Simon Moore (University of Cambridge, UK)
– Francis Olivier (Gemplus, France)
– Elisabeth Oswald (Technische Universität Graz, Austria)
– Dong Jin Park (Pohang University of Science and Technology, Korea)
– In Kook Park (Pohang University of Science and Technology, Korea)
– Jae Hwan Park (Pohang University of Science and Technology, Korea)
– Joon Hah Park (Pohang University of Science and Technology, Korea)
– Eric Peeters (Université catholique de Louvain, Belgium)
– Beatrice Peirani (Gemplus, France)
– Jan Pelzl (Ruhr-Universität Bochum, Germany)
– Guillaume Poupard (DCSSI Crypto Lab, France)
– Zulfikar Ramzan (IP Dynamics, Inc., USA)
– Arash Reyhani-Masoleh (University of Waterloo, Canada)
– Francisco Rodríguez-Henríquez (CINVESTAV-IPN, Mexico)
– Manfred Roth (Infineon Technologies AG, Germany)
– Gaël Rouvroy (Université catholique de Louvain, Belgium)
– Yasuyuki Sakai (Mitsubishi Electric Corporation, Japan)
– Fumihiko Sano (Toshiba Corporation, Japan)
– Akashi Satoh (IBM Japan Ltd., Japan)
– Jasper Scholten (Katholieke Universiteit Leuven, Belgium)
– Kai Schramm (Ruhr-Universität Bochum, Germany)
– Hideo Shimizu (Toshiba Corporation, Japan)
– Jong Hoon Shin (Pohang University of Science and Technology, Korea)
– Sang Gyoo Sim (Pohang University of Science and Technology, Korea)
– Toru Sorimachi (Mitsubishi Electric Corporation, Japan)
– François-Xavier Standaert (Université catholique de Louvain, Belgium)
– Daisuke Suzuki (Mitsubishi Electric Corporation, Japan)
– Masashi Takahashi (Hitachi Ltd., Japan)
– Masahiko Takenaka (Fujitsu Laboratories Ltd., Japan)
– Alexandre F. Tenca (Oregon State University, Corvallis, USA)
– Kris Tiri (University of California, Los Angeles, USA)
– Shigenori Uchiyama (NTT Laboratories, Japan)
– Frederik Vercauteren (University of Bristol, UK)
– Johannes Wolkerstorfer (Technische Universität Graz, Austria)
– Thomas Wollinger (Ruhr-Universität Bochum, Germany)
– Huapeng Wu (University of Windsor, Canada)
– YeonHyeong Yang (Pohang University of Science and Technology, Korea)
– Sung Ho Yoo (Pohang University of Science and Technology, Korea)
– Young Tae Youn (Pohang University of Science and Technology, Korea)
– Dae Hyun Yum (Pohang University of Science and Technology, Korea)

The companies which provided support to CHES 2003:
– Comodo Research Lab — http://www.comodogroup.com
– Cryptovision — http://www.cryptovision.com
– GITS AG (Gesellschaft für IT-Sicherheit) — http://www.gits-ag.de
– Ministry for Research, Landesregierung Nordrhein-Westfalen — http://www.bildungsportal.nrw.de
– Ph.D. school "Secure Communication" — www.exp-math.uni-essen.de/zahlentheorie/gkkrypto

CHES Workshop Proceedings
– Ç. K. Koç and C. Paar (Editors). Cryptographic Hardware and Embedded Systems, First International Workshop, Worcester, MA, USA, August 12–13, 1999, LNCS No. 1717, Springer-Verlag, Berlin, Heidelberg, New York, 1999.
– Ç. K. Koç and C. Paar (Editors). Cryptographic Hardware and Embedded Systems – CHES 2000, Second International Workshop, Worcester, MA, USA, August 17–18, 2000, LNCS No. 1965, Springer-Verlag, Berlin, Heidelberg, New York, 2000.
– Ç. K. Koç, D. Naccache, and C. Paar (Editors). Cryptographic Hardware and Embedded Systems – CHES 2001, Third International Workshop, Paris, France, May 14–16, 2001, LNCS No. 2162, Springer-Verlag, Berlin, Heidelberg, New York, 2001.
– B. Kaliski Jr., Ç. K. Koç, and C. Paar (Editors). Cryptographic Hardware and Embedded Systems – CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, LNCS No. 2523, Springer-Verlag, Berlin, Heidelberg, New York, 2002.
– C. D. Walter, Ç. K. Koç, and C. Paar (Editors). Cryptographic Hardware and Embedded Systems – CHES 2003, 5th International Workshop, Cologne, Germany, September 8–10, 2003, LNCS No. 2779, Springer-Verlag, Berlin, Heidelberg, New York, 2003. (These proceedings).

Table of Contents

Invited Talk
The Security Challenges of Ubiquitous Computing .......... 1
  Frank Stajano

Side Channel Attack Methodology
Multi-channel Attacks .......... 2
  Dakshi Agrawal, Josyula R. Rao, Pankaj Rohatgi
Hidden Markov Model Cryptanalysis .......... 17
  Chris Karlof, David Wagner
Power-Analysis Attacks on an FPGA – First Experimental Results .......... 35
  Sıddıka Berna Örs, Elisabeth Oswald, Bart Preneel

Hardware Factorization
Hardware to Solve Sparse Systems of Linear Equations over GF(2) .......... 51
  Willi Geiselmann, Rainer Steinwandt

Symmetric Ciphers: Side Channel Attacks and Countermeasures
Cryptanalysis of DES Implemented on Computers with Cache .......... 62
  Yukiyasu Tsunoo, Teruo Saito, Tomoyasu Suzaki, Maki Shigeri, Hiroshi Miyauchi
A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD .......... 77
  Gilles Piret, Jean-Jacques Quisquater
A New Algorithm for Switching from Arithmetic to Boolean Masking .......... 89
  Jean-Sébastien Coron, Alexei Tchulkine
DeKaRT: A New Paradigm for Key-Dependent Reversible Circuits .......... 98
  Jovan D. Golić

Secure Hardware Logic
Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers .......... 113
  Ramesh Karri, Grigori Kuznetsov, Michael Goessel

