Paper 2018/869

Higher-Order DCA against Standard Side-Channel Countermeasures

Andrey Bogdanov and Matthieu Rivain and Philip S. Vejre and Junwei Wang

Abstract

At CHES 2016, Bos $\textit{et al.}$ introduced $\textit{differential computational analysis}$ (DCA) as an attack on white-box software implementations of block ciphers. This attack builds on the same principles as DPA in the classical side-channel context, but uses traces consisting of plain values computed by the implementation during execution. This attack was shown to be able to recover the key of many existing AES white-box implementations. The $\textit{DCA adversary}$ is $\textit{passive}$, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. An important problem is therefore how to develop implementations which are resistant to this attack. A natural approach is to apply standard side-channel countermeasures such as $\textit{masking}$ and $\textit{shuffling}$. In this paper, we study the security brought by this approach against the DCA adversary. We show that under some necessary conditions on the underlying randomness generation, these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce $\textit{higher-order DCA}$, and analyze the security of the countermeasures against this attack. This attack is enhanced by introducing a $\textit{multivariate}$ version based on the maximum likelihood approach. We derive analytic expressions for the complexity of the attacks which are backed up through extensive attack experiments. As a result, we can quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting. This enables a designer to choose appropriate implementation parameters in order to obtain the desired level of protection against passive DCA attacks.