
Paul Bell wrote:
Does anyone know what has happened to DFA, and the people who just a few months ago were publishing such encouraging results?

There seems to be sustained investigation of DFA, offensive and defensive, by Biham and Shamir, by Anderson and Kuhn, by the Bellcore team, by Quisquater and others. However, the smartcard manufacturers appear to have a role in dampening publicity about the ongoing research, or at least diminishing the claims of effectiveness of DFA. Carol Francher, of Motorola, for example, writes in February IEEE Spectrum:

Technology is a wonderful thing but criminals, too, can use it. As new equipment and techniques become available or less expensive, the barriers to cracking a system may weaken.

Recently Bellcore announced a paper, "Cryptanalysis in the presence of hardware faults" (available at www.bellcore.com), that proposed a theoretical method for breaking an asymmetric encryption code once a computer (or a smartcard microcontroller) had been forced into faulty behavior. The Smart Card Forum, a multi-industry membership organization headquartered in Tampa, Fla., has stated that it does not regard this approach as a real-world risk, since in smartcard applications more than one technique is used to protect the security of the entire system.

But the Bellcore methodology for breaking algorithms -- as well as similar theoretical approaches, such as the one taken by two Israeli researchers, Eli Biham and Adi Shamir -- highlights the need to analyze and evolve the security of any system continually.

-- "In your pocket: smartcards." <http://jya.com/tee08.htm>

Several of the DFA-type researchers have commented on the smartcard industry's reluctance to publicize security weaknesses when the push is on to increase consumer trust and use; see, for example, Anderson and Kuhn at:

http://www.cl.cam.ac.uk/users/rja14/tamper.html

Quisquater and the SG group also note the reluctance of smartcard mass-marketers to own up to security shortcomings of which their own engineers know and fret.

Meanwhile, the DFA proponents and opponents are eagerly absorbing the continuing DFA-related reports, quietly watching one another, and both sides eying the booming smartcard market for lucrative rewards, as Ms. Francher suggests: licit and il.