Twofish Power Analysis Attack
New paper: “A Simple Power Analysis Attack on the Twofish Key Schedule.” This shouldn’t be a surprise; these attacks are devastating if you don’t take steps to mitigate them.
The general issue is if an attacker has physical control of the computer performing the encryption, it is very hard to secure the encryption inside the computer. I wrote a paper about this back in 1999.
Poul-Henning Kamp • January 12, 2017 6:46 AM
I would argue that today there is an even more fundamental threat model here:
If the attacker has physical control of the computer, even if only temporarily, you don’t know what hardware your program is running on in the first place.