Project HCC-1

Title: Differential Power Analysis

Description:

Differential power cryptanalysis has been invented in 1998 by a group of researchers from Cryptography Research, Inc., led by an inventor of timing cryptanalysis Paul Kocher. As of today, these attacks are successful against majority of cryptographic tokens available on the market, including all types of smart cards, PCMCIA cards and cryptographic buttons, and no effective countermeasure has been developed, yet. The only effective defense is the physical protection, as the attack requires an access to a cryptographic token with secret parameters, such as a cryptographic key, stored on. No tamper-resistant covers seem to prevent analysis. The attack is based on sampling the power consumption of the device for a series of cryptographic transformations involving hundreds to thousands of random ciphertexts, and then performing a statistical analysis, leading to a full recovery of the key. Reconstructing the full secret or private key takes no more than several minutes, and requires  only standard readily-available measurement equipment worth a few hundred to a few thousand dollars. Your task would be to fully understand the attack, show how it can be applied to symmetric ciphers such as triple DES, IDEA, and RC5, and to analyze possible countermeasures.

Literature:

1. Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Introduction to Differential Power Analysis and Related Attacks,” available on the web at http://www.cryptography.com/dpa/technical/index.html
2. Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Cryptography Research Q&A on Differential Power Analysis,” available on the web at http://www.cryptography.com/dpa/qa/index.html

Project HCC-2

Description:

RC5 is a new block cipher devised by Ron Rivest - one of the inventors of the RSA cryptosystem - as an alternative for the old American standard DES. The cipher has a variable key size, and a variable input/output block size. Variable key length permits RC5 to be exported abroad, but only under the condition that the key size is less or equal to 40 bits. Such a small key length, may make the cipher vulnerable to the exhaustive key search attack. Your task is to design at the logic level the RC-5 breaking machine, and to estimate the number of chips that are necessary to break a single key within one hour. You can follow the design and cost estimates for the DES breaking machine devised by Michael Wiener [5]. Basic operations of the RC5 are: XOR, rotation, and addition.

Literature:

1. B. Schneier, "Applied cryptography," chapter 14.8, pp. 344-346.
2. R. L. Rivest, "The RC5 Encryption Algorithm," RSA Laboratories' CryptoBytes, vol. 1, no. 1, spring 1995, pp. 9-11.
3. B. Kaliski and Y. L. Yin, "On the Security of the RC5 Encryption Algorithm," RSA Laboratories' CryptoBytes, vol. 1, no. 2, summer 1995, pp. 13-14.
4. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, "Handbook of Applied Cryptology," chapter 7.7.2, pp. 269-270.
5. M.J. Wiener, "Efficient DES Key Search," Technical Report TR-244, School of Computer Science, Carleton University, May 1994.