Paper 2013/842

Detecting Hidden Leakages

Amir Moradi, Sylvain Guilley, and Annelie Heuser


Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

Available format(s)
Publication info
Published elsewhere. ACNS 2014
side-channel analysisleakage detectionvariance testNICVcorrelation-collisionCPAhidden modelslinear regression.
Contact author(s)
amir moradi @ rub de
2014-03-28: revised
2013-12-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Amir Moradi and Sylvain Guilley and Annelie Heuser},
      title = {Detecting Hidden Leakages},
      howpublished = {Cryptology ePrint Archive, Paper 2013/842},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.