Cryptology ePrint Archive: Report 2013/842

Detecting Hidden Leakages

Amir Moradi and Sylvain Guilley and Annelie Heuser

Abstract: Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

Category / Keywords: side-channel analysis, leakage detection, variance test, NICV, correlation-collision, CPA, hidden models, linear regression.

Original Publication (in the same form): ACNS 2014

Date: received 13 Dec 2013, last revised 28 Mar 2014

Contact author: amir moradi at rub de

Available format(s): PDF | BibTeX Citation

Version: 20140328:165132 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]