Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Protecting AES Software Implementations on 32-Bit Processors Against Power Analysis
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis
Fast Software Encryption
Attacking State-of-the-Art Software Countermeasures--A Case Study for AES
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
A generic method for secure Sbox implementation
WISA'07 Proceedings of the 8th international conference on Information security applications
Practical second-order DPA attacks for masked smart card implementations of block ciphers
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Principles on the security of AES against first and second-order differential power analysis
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Hi-index | 0.00 |
Power analysis has shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff el al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies--hiding by repeating operations for each possible value, and masking and hiding using the same random number--can create new vulnerabilities.