Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets a software AES implementation protected by a low entropy masking scheme and recovers the masks with a 91% success rate. Recovering the secret key then requires at least two orders of magnitude fewer power traces than a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Finally, we specify a method to strengthen the countermeasure by selecting a suitable coset of the mask set.
