Paper 2019/345

Second-order Scatter Attack

Hugues Thiebeauld, Aurélien Vasselle, and Antoine Wurcker


Second-order analyses have shown a great interest to defeat first level of masking protections. Their practical realization remains tedious in a lot of cases. This is partly due to the difficulties of achieving a fine alignment of two areas that are combined together afterward. Classical protections makes therefore use of random jitter or shuffling to make the alignment difficult or even impossible. This paper extends Scatter attack to high-order analyses. Processing the jointdistribution of two selection of points, it becomes possible to retrieve the secret key even when traces are not fully aligned. The results presented in this paper are validated through practical experimentation and compared with existing window-based techniques, such as the FFT. Scatter shows the best results when misalignment is significant. This illustrates that Scatter offers an alternative to existing high-order attacks and can target all kinds of cryptography implementations, regardless they are executed in hardware or software. With the ability to exploit several leakage points, it may be valuable also when applying a second-order attack on aligned traces.

Available format(s)
Publication info
Preprint. Minor revision.
Side-channelMisalignmentScatterSecond-orderMutual InformationSobelImage ProcessingBoolean Masking
Contact author(s)
aurelien vasselle @ eshard com
hugues thieabeauld @ eshard com
antoine wurcker @ eshard com
2019-04-03: received
Short URL
Creative Commons Attribution


      author = {Hugues Thiebeauld and Aurélien Vasselle and Antoine Wurcker},
      title = {Second-order Scatter Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2019/345},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.