Smart Card Cracker at RSA tradeshow

Samizdatt plug-discuss@lists.plug.phoenix.az.us
Thu, 21 Feb 2002 14:34:06 -0700


Date: Thu, 21 Feb 2002 00:46:08 -0800
To: cypherpunks@lne.com
From: Bill Stewart <bill.stewart@pobox.com>
Subject: Smart Card Cracker at RSA tradeshow - Cool! 

Most of the exhibits at the RSA show looked like such things usually do. But one exhibit was really cool - Datacard Group, near the
back around the middle. If you're there, you absolutely have to see these guys. 

They were cracking smart cards using Differential Power Analysis and Differential Fault Analysis - they have a stack of equipment
with an oscilloscope and some magic boxes and a PC display, and they were showing "see these 16 vertical lines?  That's 16 rounds of
DES. Let's zoom in - this shape here is an S-box.  I'll start the cracking program, and we'll have the key in a minute or two", and sure
enough they did. Triple-DES only takes about 3 times as long... 

Finding the two primes from an RSA key took a similar amount of time - it's not doing some magic factoring technique, it's watching
a card that has the two primes in it signing stuff.  I think that demo was Differential Fault Analysis, where they hand the card some
voltages and frequencies that are much different than it's designed for, and look at the different results they get depending on what
parts they poke. 

I've seen Paul Kocher's descriptions in the past about how this stuff is possible - it's not the same impact as watching it done, and
seeing how amazingly fast it can be. 

They're set up to do a couple formats of cards, including contactless as well as the standard contact-based things. 

Of course, there are also a few dozen smartcard vendors at the show, talking about how their authentication systems will make health
care and banking and biometric citizen-unit-tracking perfectly secure :-)
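
Added example, not part of the original post and not Datacard's code: a toy model of why a fault during signing can give away a prime, and of the verify-before-release check that stops it. It assumes the card signs with RSA-CRT (the post does not say so); the key, message and all function names are constructed for illustration.

```python
# Added illustration; every value below is constructed for the example.
from math import gcd

P, Q = 2**31 - 1, 2**61 - 1      # toy primes (Mersenne), far too small for real keys
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)
M = 0x1234567890ABCDEF           # constructed message representative, M < N


class FaultDetected(Exception):
    """Raised when a signature fails its own verification."""


def sign_crt(m, fault=False):
    """RSA-CRT signature; fault=True flips one bit of the mod-Q half (simulated glitch)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq ^= 1
    h = (QINV * (sp - sq)) % P   # Garner recombination
    return sq + h * Q


def factor_exposed_by(m, s):
    """Return the factor of N that (m, s) gives away, or None for a correct signature."""
    g = gcd(pow(s, E, N) - m, N)
    return g if 1 < g < N else None


def sign_hardened(m, fault=False):
    """Countermeasure: verify with the public exponent and refuse to release a bad result."""
    s = sign_crt(m, fault)
    if pow(s, E, N) != m % N:
        raise FaultDetected("signature failed self-check; output withheld")
    return s


if __name__ == "__main__":
    print("correct signature leaks:", factor_exposed_by(M, sign_crt(M)))
    print("faulty signature leaks: ", factor_exposed_by(M, sign_crt(M, fault=True)))
    try:
        sign_hardened(M, fault=True)
    except FaultDetected as exc:
        print("hardened signer:", exc)
```

The faulty result is still correct modulo one prime and wrong modulo the other, which is why it shares a factor with the modulus; the self-check costs one public-exponent operation per signature.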