Paper 2020/1202

Correlation Power Analysis and Higher-order Masking Implementation of WAGE

Yunsi Fei, Guang Gong, Cheng Gongye, Kalikinkar Mandal, Raghvendra Rohit, Tianhong Xu, Yunjie Yi, and Nusa Zidaric


WAGE is a hardware-oriented authenticated cipher, which has the smallest (unprotected) hardware cost (for 128-bit security level) among the round 2 candidates of the NIST lightweight cryptography (LWC) competition. In this work, we analyze the security of WAGE against the correlation power analysis (CPA) on ARM Cortex-M4F microcontroller. Our attack detects the secret key leakage from power consumption for up to 12 (out of 111) rounds of the WAGE permutation and requires 10,000 power traces to recover the 128-bit secret key. Motivated by the CPA attack and the low hardware cost of WAGE, we propose the first optimized masking scheme of WAGE in the t-strong non-interference (SNI) security model. We investigate different masking schemes for S-boxes by exploiting their internal structures and leveraging the state-of-the-art masking techniques.To practically demonstrate the effectiveness of masking, we perform the test vector leakage assessment on the 1-order masked WAGE. We evaluate the hardware performance of WAGE for 1, 2, and 3-order security and provide a comparison with other NIST LWC round 2 candidates.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. SAC 2020
Authenticated encryptionWAGESide-channel attackCorrelation power analysis
Contact author(s)
rsrohit @ uwaterloo ca
2020-10-06: received
Short URL
Creative Commons Attribution


      author = {Yunsi Fei and Guang Gong and Cheng Gongye and Kalikinkar Mandal and Raghvendra Rohit and Tianhong Xu and Yunjie Yi and Nusa Zidaric},
      title = {Correlation Power Analysis and Higher-order Masking Implementation of WAGE},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1202},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.