Cryptology ePrint Archive: Report 2013/842
Detecting Hidden Leakages
Amir Moradi and Sylvain Guilley and Annelie Heuser
Abstract: Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).
Category / Keywords: side-channel analysis, leakage detection, variance test, NICV, correlation-collision, CPA, hidden models, linear regression.
Original Publication (in the same form): ACNS 2014
Date: received 13 Dec 2013, last revised 28 Mar 2014
Contact author: amir moradi at rub de
Available format(s): PDF | BibTeX Citation
Version: 20140328:165132 (All versions of this report)
Short URL: ia.cr/2013/842
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]