Side Channel Cryptanalysis of a Higher Order Masking Scheme

In the recent years, DPA attacks have been widely investigated. In particular, 2-nd order DPA have been improved and successfully applied to break many masked implementations. In this context a higher order masking scheme has been proposed by Schramm and Paar at CT-RSA 2006. The authors claimed that the scheme is resistant against d-th order DPA for any arbitrary chosen order d. In this paper, we prove that this assertion is false and we exhibit several 3-rd order DPA attacks that can defeat Schramm and Paar's countermeasure for any value of d.

[1]  R. Fisher,et al.  On the Mathematical Foundations of Theoretical Statistics , 1922 .

[2]  J. Davenport Editor , 1960 .

[3]  Editors , 1986, Brain Research Bulletin.

[4]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[5]  Kaisa Nyberg,et al.  Differentially Uniform Mappings for Cryptography , 1994, EUROCRYPT.

[6]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[7]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[8]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[9]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[10]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[11]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[12]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[13]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[14]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[15]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[16]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[17]  Elena Trichina,et al.  Simplified Adaptive Multiplicative Masking for AES , 2002, CHES.

[18]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[19]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[20]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[21]  Daniel Page,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005 , 2004 .

[22]  David A. Wagner,et al.  Towards Efficient Second-Order Power Analysis , 2004, CHES.

[23]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[24]  Eric Peeters,et al.  Improved Higher-Order Side-Channel Attacks with FPGA Experiments , 2005, CHES.

[25]  Eric Peeters,et al.  On the masking countermeasure and higher-order power analysis attacks , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[26]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[27]  Marc Joye,et al.  On Second-Order Differential Power Analysis , 2005, CHES.

[28]  Dakshi Agrawal,et al.  Templates as Master Keys , 2005, CHES.

[29]  Christof Paar,et al.  Higher Order Masking of the AES , 2006, CT-RSA.

[30]  Masayuki Abe Topics in Cryptology - CT-RSA 2007, The Cryptographers' Track at the RSA Conference 2007, San Francisco, CA, USA, February 5-9, 2007, Proceedings , 2006, CT-RSA.

[31]  Stefan Mangard,et al.  Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers , 2006, CT-RSA.

[32]  Stefan Mangard,et al.  Template Attacks on Masking - Resistance Is Futile , 2007, CT-RSA.

[33]  T. Kanade,et al.  Topics in Cryptology - CT-RSA 2009 , 2009 .

[34]  Frederic P. Miller,et al.  Advanced Encryption Standard , 2009 .