Paper 2017/1144

How Far Can We Reach? Breaking Masked AES Smartcard Implementation Using One Trace

Wei Cheng, Chao Zheng, Yuchen Cao, Yongbin Zhou, Hailong Zhang, Sylvain Guilley, and Laurent Sauvage


Rotating Sbox Masking (RSM) scheme is a highly efficient masking scheme proposed to protect cryptographic implementations from side channel attacks. It is a Low Entropy Masking Scheme and has attracted special attention for its low overhead but high performance. The two public targets of international academic competition DPA Contest v4 are both RSM-masked AES implementations, specifically, RSM-AES-256 for v4.1 and RSM-AES-128 for v4.2 respectively. The side channel security of RSM-AES-256 was intensively studied by researchers worldwide under the framework of DPA Contest and several flaws were identified, while the security of RSM-AES-128 is still not thoroughly studied. In this paper, we focus on analyzing the practical security of RSM-AES-128 from a profiling attack point of view. Specifically, we firstly present a Multivariate Template Attack (MTA) to maximize the success rates of key recovery attack. Next, we propose a new Depth-First Key Enumeration Algorithm (DFKEA) that could be applied to find the correct key efficiently after a side channel attack. By integrating the DFKEA to our MTA, we propose a novel multivariate profiling attack which could recover the whole secret key of RSM-AES-128 with over 95% possibility only using one electromagnetic trace. It is the best attack among all attacks submitted to DPA Contest Official up to now. Finally, we present one proposal to further improve the practical security of RSM-AES-128 at an acceptable overhead.

Available format(s)
Publication info
Preprint. MINOR revision.
Side Channel AttacksTemplate AttackDPA ContestCountermeasuresRotating Sbox Masking SchemeShuffling Scheme
Contact author(s)
wei cheng @ telecom-paristech fr
2019-03-14: revised
2017-11-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Wei Cheng and Chao Zheng and Yuchen Cao and Yongbin Zhou and Hailong Zhang and Sylvain Guilley and Laurent Sauvage},
      title = {How Far Can We Reach? Breaking Masked {AES} Smartcard Implementation Using One Trace},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1144},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.