Corporate Research & Development Center

Toshiba ties for first place in the DPA contest to compete for the vulnerability assessment capacity of cryptographic processing devices



Toshiba has developed an efficient method for assessing the vulnerability of cryptographic processing devices. We participated in the DPA v4 contest, in which contestants from all over the world competed for the vulnerability assessment capacity of processing devices, and tied for first place for achieving a single waveform, which is the minimum power consumption required for the assessment.

Development background

Cryptographic processing devices such as IC cards are exposed to the threat of side channel attacks which make use of subtle changes in power consumption during operation to steal the secret key. Therefore a cryptographic processing device must be designed to disable the attacks or sufficiently lower the threat level. Manufacturing a cryptographic processing device requires the development of countermeasures as well as an assessment method to check the attack tolerance. It is also important to make the assessment efficient in order to shorten the development period and release the product at the right time.
Toshiba has been studying an efficient, learning-based assessment method against the latest attacks. This method consists of two phases: a learning phase in which learning data is created for each candidate of the secret key based on power consumption waveforms, and an assessment phase in which a similarity between the power consumption waveform (subject to assessment) and each of the learning data is confirmed. The secret key is not identified if there is no similarity between the power consumption waveform and the learning data, thus confirming that our technique is effective. To make the assessment more efficient, we had to reduce the number of power consumption waveforms needed to check the similarity in the assessment phase.

Vulnerability assessment technology for cryptographic processing device

Toshiba has developed its own learning method for the learning-based vulnerability assessment, and successfully identified a 256-bit AES (Note 1) secret key by a single waveform at the DPA contest v4 (Note 2). This means that we achieved the smallest number of power consumption waveforms required for confirmation in the assessment phase. Our achievement, which put us in the tie for first place, was presented at COSADE2014 (Note 3), one of the important international forums on side channel attacks.


Toshiba has designed a countermeasure technique backed up by an assessment technology and has been developing cryptographic processing devices such as IC cards. We are promptly establishing such techniques to combat ever-more sophisticated attack technologies and contributing to the M2M system in which secure communication is indispensable.

(Note 1) AES: Common key encryption method established by the U.S. National Institute of Standards and Technology (NIST). It is used in a number of products.

(Note 2) DPA contest v4: An international contest in which contestants compete for power analysis attack technologies, sponsored by Telecom Paris Tech University in France. According to the organizer, 30 teams from ten countries joined the contest and universities and security consultants from Germany, China, U.S., and Singapore other than Toshiba finished in the top ranks.

(Note 3) COSADE (Workshop on Constructive Side-Channel Analysis and Secure Design): An international conference on implementation attacks and countermeasure techniques.