International Association for Cryptologic Research

Paper: The World is Not Enough: Another Look on Second-Order DPA

Authors:
François-Xavier Standaert
Nicolas Veyrat-Charvillon
Elisabeth Oswald
Benedikt Gierlichs
Marcel Medwed
Markus Kasper
Stefan Mangard
Download:
URL: http://eprint.iacr.org/2010/180
Abstract: In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion no longer holds. In other words, while a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires carefully investigating the information leakages and the adversaries exploiting these leakages, separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that considers these two questions in the case of a masked device exhibiting a Hamming weight leakage model. Our results lead to new intuitions regarding the efficiency of various practically relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). It turns out that moving to higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Finally, we show that an information theoretic analysis allows determining this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous methods.
BibTeX
@misc{eprint-2010-23081,
  title={The World is Not Enough: Another Look on Second-Order DPA},
  booktitle={IACR Eprint archive},
  keywords={implementation / side-channel attacks},
  url={http://eprint.iacr.org/2010/180},
  note={ fstandae@uclouvain.be 14702 received 3 Apr 2010},
  author={François-Xavier Standaert and Nicolas Veyrat-Charvillon and Elisabeth Oswald and Benedikt Gierlichs and Marcel Medwed and Markus Kasper and Stefan Mangard},
  year=2010
}