Chosen-IV correlation power analysis on kcipher-2 hardware and a masking-based countermeasure

Takafumi Hibiki, Naofumi Homma, Yuto Nakano, Kazuhide Fukushima, Shinsaku Kiyomoto, Yutaka Miyake, Takafumi Aoki

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)


This paper presents a chosen-IV (Initial Vector) correlation power analysis on the international standard stream cipher KCipher-2 together with an effective countermeasure. First, we describe a power analysis technique which can reveal the secret key (initial key) of KCipher-2 and then evaluate the validity of the CPA with experiments using both FPGA and ASIC implementations of KCipher-2 processors. This paper also proposes a masking-based countermeasure against the CPA. The concept of the proposed countermeasure is to mask intermediate data which pass through the non-linear function part including integer addition, substitution functions, and internal registers L1 and L2. We design two types of masked integer adders and two types of masked substitution circuits in order to minimize circuit area and delay, respectively. The effectiveness of the countermeasure is demonstrated through an experiment on the same FPGA platform. The performance of the proposed method is evaluated through the ASIC fabricated by TSMC 65 nm CMOS process technology. In comparison with the conventional design, the design with the countermeasure can be achieved by the area increase of 1.6 times at most.

Original languageEnglish
Pages (from-to)157-166
Number of pages10
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Issue number1
Publication statusPublished - 2014 Jan


  • Correlation power analysis
  • Kcipher-2
  • Random masking
  • Side-channel attacks

ASJC Scopus subject areas

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics


Dive into the research topics of 'Chosen-IV correlation power analysis on kcipher-2 hardware and a masking-based countermeasure'. Together they form a unique fingerprint.

Cite this