On the Easiness of Turning Higher-Order Leakages into First-Order

Applying random and uniform masks to the processed intermediate values of cryptographic algorithms is arguably the most common countermeasure to thwart side-channel analysis attacks. So-called masking schemes exist in various shapes but are mostly used to prevent side-channel leakages up to a certain statistical order. Thus, to learn any information about the key-dependent computations, a side-channel adversary has to estimate the higher-order statistical moments of the leakage distributions. However, the complexity of this approach increases exponentially with the statistical order to be estimated, and the precision of the estimation is extremely sensitive to the noise level. In this work we present an alternative procedure to exploit higher-order leakages that stands out for its simplicity and effectiveness. Our approach, which focuses on (but is not limited to) univariate leakages of hardware masking schemes, is based on categorizing the power traces according to the distribution of leakage points. In particular, at each sample point an individual subset of traces is selected and used to mount ordinary first-order attacks. We present the theoretical concept of our approach based on simulated traces and examine its efficiency on noisy real-world measurements taken from a first-order secure threshold implementation of the block cipher PRESENT-80, implemented on a 150 nm CMOS ASIC prototype chip. Our analyses verify that the proposed technique is indeed a worthy alternative to conventional higher-order attacks and suggest that it might be able to relax the sensitivity of higher-order evaluations to the noise level.
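The following simulation is an added illustration of the idea sketched above and is not code from the paper: a two-share Boolean masking of the PRESENT S-box is assumed to leak the sum of both shares' Hamming weights at one sample point, ordinary first-order CPA is run once on all traces and once on the subset whose leakage at that point lies above the mean (an assumed, simple selection rule standing in for the paper's categorization), and the key nibble 0x9, trace count and noise level are constructed test values.

```python
# Added example: simulated masked PRESENT S-box, CPA on full set vs. leakage-selected subset.
import math
import random

# PRESENT 4-bit S-box (Bogdanov et al.)
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(v).count("1") for v in range(16)]      # Hamming weight table

def simulate(n_traces, key_nibble, sigma, seed=1):
    """Constructed traces: one sample point of a two-share masked S-box where both
    shares switch together, so leakage = HW(x ^ m) + HW(m) + noise (assumed model)."""
    rng = random.Random(seed)
    pts, leaks = [], []
    for _ in range(n_traces):
        pt, m = rng.randrange(16), rng.randrange(16)   # plaintext nibble, fresh mask
        x = SBOX[pt ^ key_nibble]                         # unmasked S-box output
        pts.append(pt)
        leaks.append(HW[x ^ m] + HW[m] + rng.gauss(0.0, sigma))
    return pts, leaks

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / math.sqrt(va * vb)

def cpa(pts, leaks):
    """Ordinary first-order CPA: correlate HW(S(pt ^ k)) with the leakage for each guess k."""
    return [pearson([HW[SBOX[p ^ k]] for p in pts], leaks) for k in range(16)]

def attack(pts, leaks):
    """Full-set CPA versus CPA on the traces whose leakage lies above the mean.
    The selection rule is an illustrative choice: conditioning on the observed
    leakage biases the masks, so the subset mean depends on the unmasked value again."""
    full = cpa(pts, leaks)
    mean = sum(leaks) / len(leaks)
    sel = [i for i, v in enumerate(leaks) if v > mean]
    sub = cpa([pts[i] for i in sel], [leaks[i] for i in sel])
    best = lambda c: max(range(16), key=lambda k: abs(c[k]))
    return {"full_max": max(map(abs, full)), "full_guess": best(full),
            "subset_max": max(map(abs, sub)), "subset_guess": best(sub)}

if __name__ == "__main__":
    pts, leaks = simulate(50_000, key_nibble=0x9, sigma=1.0)
    r = attack(pts, leaks)
    print("full set: max |rho| = %.3f, key guess = %x" % (r["full_max"], r["full_guess"]))
    print("subset  : max |rho| = %.3f, key guess = %x" % (r["subset_max"], r["subset_guess"]))
```

On the full set every guess correlates at the noise floor because the mean leakage is independent of the unmasked value; on the selected subset the correct nibble shows a clearly negative correlation (lower Hamming weight of the unmasked value widens the leakage distribution, so its upper tail is heavier).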
