Detecting Hidden Leakages

Amir Moradi, Sylvain Guilley, Annelie Heuser

International Conference on Applied Cryptography and Network Security - ACNS 2014, Lausanne, Switzerland, June 10 - 13, 2014 (best-[student]-paper award).


Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

[DOI] [pdf]