Secure DES Implementation Against High-Order Differential Power Analysis

Differential Power Analysis (DPA) is a powerful cryptanalytic technique for extracting data from a cryptographic device. The implementation of DPA relies mainly on collecting power consumption traces and applying statistical methods, in order to average over them and obtain the secret key. Information leakage of this kind can be prevented by using masking methods. However, most of these methods are efficient only in preventing first-order DPA attacks and they fail to defense against High-Order DPA (HODPA) attacks, even of second-order. This paper presents an overview of High-Order DPA attacks focusing mainly on DES algorithm, which is still vulnerable to this kind of attacks. After analyzing the Unique Masking Method, introduced by Akkar and Goubin, and its weak points, we describe an enhancement of this implementation, which requires three random 32-bit masks and six S-boxes, in order to secure the outputs against any order DPA type attacks.