Paper 2023/724

Not so Difficult in the End: Breaking the Lookup Table-based Affine Masking Scheme

Lichao Wu, Radboud University Nijmegen
Guilherme Perin, Leiden University
Stjepan Picek, Radboud University Nijmegen

The lookup table-based masking countermeasure is prevalent in real-world applications due to its potent resistance against side-channel attacks and low computational cost. The ASCADv2 dataset, for instance, ranks among the most secure publicly available datasets today due to two layers of countermeasures: lookup table-based affine masking and shuffling. Current attack approaches rely on strong assumptions. In addition to requiring access to the source code, an adversary would also need prior knowledge of random shares. This paper forgoes reliance on such knowledge and proposes two attack approaches based on the vulnerabilities of the lookup table-based affine masking implementation. As a result, the first attack can retrieve all secret keys in less than a minute without knowing mask shares. Although the second attack is not entirely successful in recovering all keys, we believe more traces would help make such an attack fully functional.

Publication info
Published elsewhere. Minor revision. Selected Areas in Cryptography (SAC)
Keywords
Side-channel analysis, Side-channel collision attack, Correlation
Contact author(s)
lichao wu9 @ gmail com
guilhermeperin7 @ gmail com
picek stjepan @ gmail com
2023-09-27: revised
2023-05-19: received
Creative Commons Attribution


      author = {Lichao Wu and Guilherme Perin and Stjepan Picek},
      title = {Not so Difficult in the End: Breaking the Lookup Table-based Affine Masking Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2023/724},
      year = {2023},
      note = {\url{}},
      url = {}