A Statistical Model for Higher Order DPA on Masked Devices
نویسندگان
چکیده
A popular effective countermeasure to protect block cipher implementations against differential power analysis (DPA) attacks is to mask the internal operations of the cryptographic algorithm with random numbers. While the masking technique resists against first-order (univariate) DPA attacks, higher-order (multivariate) attacks were able to break masked devices. In this paper, we formulate a statistical model for higher-order DPA attack. We derive an analytic success rate formula that distinctively shows the effects of algorithmic confusion property, signal-noise-ratio (SNR), and masking on leakage of masked devices. It further provides a formal proof for the centered product combination function being optimal for higher-order attacks in very noisy scenarios. We believe that the statistical model fully reveals how the higher-order attack works around masking, and would offer good insights for embedded system designers to implement masking techniques.
منابع مشابه
Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers
In this article we describe an improved concept for secondorder differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount secondorder DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess th...
متن کاملFirst-order DPA Vulnerability of Rijndael: Security and Area-delay Optimization Trade-off
Differential Power Analysis (DPA) attack for smart card, ASIC or micro controller based on crypto-systems have been demonstrated by several authors. Masking is a very well known approach as a DPA countermeasure. Due to cascading architecture of masked multiplier, the existing masking schemes increase timing and area complexity. Balanced masked architecture brings poor security guaranty. In this...
متن کاملImproved Higher-Order Side-Channel Attacks with FPGA Experiments
We demonstrate that masking a block cipher implementation does not sufficiently improve its security against side-channel attacks. Under exactly the same hypotheses as in a Differential Power Analysis (DPA), we describe an improvement of the previously introduced higherorder techniques allowing us to defeat masked implementations in a low (i.e. practically tractable) number of measurements. The...
متن کاملSide Channel Cryptanalysis of a Higher Order Masking Scheme
In the recent years, DPA attacks have been widely investigated. In particular, 2-nd order DPA have been improved and successfully applied to break many masked implementations. In this context a higher order masking scheme has been proposed by Schramm and Paar at CTRSA 2006. The authors claimed that the scheme is resistant against d-th order DPA for any arbitrary chosen order d. In this paper, w...
متن کاملThe World Is Not Enough: Another Look on Second-Order DPA
In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. While a single distinguish...
متن کامل