Re: Anderson & Kuhn's "Improved DFA" paper
HP just announced their big new plans for international exportable crypto using tamperproof PCM-CIA smartcards with multiple tamperproof GAK plugins. Anderson&Kuhn just announced the latest in a series of attacks on "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers. Obviously it must be a conspiracy :-)

It's also an opportunity for some well-timed press releases. Clipper 1's reputation was severely damaged by Matt's attack. Anybody know if HP's giving out samples, and if there are real or test GAK plugins for them?

HP URL http://www.dmo.hp.com/gsy/security/icf/main.html

The paper was posted to coderpunks, and it's on ftp://ftp.cl.cam.ac.uk/users/rja14/dfa

Here's the intro:

---------------------------------------------------------------------
Improved Differential Fault Analysis

Ross J Anderson, Markus G Kuhn

In [1], Biham and Shamir announce an attack on DES based on 200 ciphertexts in which one-bit errors have been induced by environmental stress. Here we show an attack that requires less than ten ciphertexts. Furthermore, our attack is practical in that it uses a fault model that has been implemented in attacks on real smartcards.

In [2], Biham and Shamir show how their method can be extended to reverse engineer algorithms whose structure is unknown. Our attack can also be extended to such cases and is more efficient there too.

In [3], Boneh, De Millo and Lipton discuss how such techniques can be used to attack RSA. Again, their attack is theoretical only. We show how to do it in practice.
--------------------------------------------------------------------------

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
# so please Cc: me on replies. Thanks.)
On Thu, 21 Nov 1996 stewarts@ix.netcom.com wrote:
> Anderson&Kuhn just announced the latest in a series of attacks on "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.

You forgot the Belgians (or is Jean-Jacques Quisquater French?).

Asgaard
Asgaard wrote:
> On Thu, 21 Nov 1996 stewarts@ix.netcom.com wrote:
>> Anderson&Kuhn just announced the latest in a series of attacks on "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.
> You forgot the Belgians (or is Jean-Jacques Quisquater French?).

Markus Kuhn is German :-)

Regards...jmcc
participants (3): Asgaard, Hack Watch News, stewarts@ix.netcom.com