Paper 2010/180

The World is Not Enough: Another Look on Second-Order DPA

Francois-Xavier Standaert, Nicolas Veyrat-Charvillon, Elisabeth Oswald, Benedikt Gierlichs, Marcel Medwed, Markus Kasper, and Stefan Mangard


In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. While a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires to carefully investigate the information leakages and the adversaries exploiting these leakages, separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that explores these two topics in the case of a masked implementation exhibiting a Hamming weight leakage model. Our results lead to refined intuitions regarding the efficiency of various practically-relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). This evaluation confirms that higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Eventually, we show that an information theoretic analysis allows determining this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous~methods.

Available format(s)
Publication info
Published elsewhere. Appeared in the proceedings of Asiacrypt 2010, Lecture Notes in Computer Science, vol 6477, pp 112-129, Singapore, December 2010.
side-channel attacks
Contact author(s)
fstandae @ uclouvain be
2011-01-03: revised
2010-04-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Francois-Xavier Standaert and Nicolas Veyrat-Charvillon and Elisabeth Oswald and Benedikt Gierlichs and Marcel Medwed and Markus Kasper and Stefan Mangard},
      title = {The World is Not Enough: Another Look on Second-Order DPA},
      howpublished = {Cryptology ePrint Archive, Paper 2010/180},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.