On the Easiness of Turning Higher-Order Leakages into First-Order

  • Conference paper
  • Constructive Side-Channel Analysis and Secure Design (COSADE 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10348)

Abstract

Applying random and uniform masks to the processed intermediate values of cryptographic algorithms is arguably the most common countermeasure to thwart side-channel analysis attacks. So-called masking schemes exist in various shapes but are mostly used to prevent side-channel leakages up to a certain statistical order. Thus, to learn any information about the key-involving computations, a side-channel adversary has to estimate the higher-order statistical moments of the leakage distributions. However, the complexity of this approach increases exponentially with the statistical order to be estimated, and the precision of the estimation suffers from an enormous sensitivity to the noise level. In this work we present an alternative procedure to exploit higher-order leakages which stands out for its simplicity and effectiveness. Our approach, which focuses on (but is not limited to) univariate leakages of hardware masking schemes, is based on categorizing the power traces according to the distribution of leakage points. In particular, at each sample point an individual subset of traces is considered to mount ordinary first-order attacks. We present the theoretical concept of our approach based on simulation traces and examine its efficiency on noisy real-world measurements taken from a first-order secure threshold implementation of the block cipher PRESENT-80, implemented on a 150 nm CMOS ASIC prototype chip. Our analyses verify that the proposed technique is indeed a worthy alternative to conventional higher-order attacks and suggest that it might be able to relax the sensitivity of higher-order evaluations to the noise level.
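The abstract's central observation can be checked with a small simulation. The following is an added example, not code from the paper: it models a two-share Boolean masking whose two shares leak their Hamming weights in the same clock cycle (a univariate hardware leakage, as in the abstract), adds Gaussian noise, and runs an ordinary first-order CPA twice, once over all traces and once over only those traces whose leakage at the sample point falls into the lowest quantile. The intermediate is an AES S-box output byte and the selection rule (lowest-leakage quantile) is this example's own choice; the paper's actual target is PRESENT-80 and its categorization procedure is not reproduced on this page. Conditioning on the observed leakage value biases the mask distribution within the subset, which is why a first-order dependency between the unmasked value and the leakage reappears there.

```python
"""
Turning a second-order (two-share) leakage into a first-order one by
selecting traces on their leakage value.  Added example, not the paper's code.

Assumptions made here: Hamming-weight leakage of both shares summed at a
single sample point, Gaussian noise of standard deviation `sigma`, an AES
S-box output byte as the masked intermediate, and the lowest `fraction`
of leakage values as the selected subset.
"""
import math
import random


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def aes_sbox_entry(x: int) -> int:
    """AES S-box: multiplicative inverse (x^254) followed by the affine map."""
    inv = 0
    if x:
        inv = 1
        for _ in range(254):
            inv = gf_mul(inv, x)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63


SBOX = [aes_sbox_entry(x) for x in range(256)]
HW = [bin(v).count("1") for v in range(256)]


def simulate_traces(n: int, key: int, sigma: float, seed: int = 1):
    """Constructed traces: one leakage sample per encryption of a random byte."""
    rng = random.Random(seed)
    pts, leak = [], []
    for _ in range(n):
        p = rng.randrange(256)
        m = rng.randrange(256)            # fresh uniform mask
        x = SBOX[p ^ key]                 # sensitive intermediate
        s0, s1 = x ^ m, m                 # Boolean shares, s0 ^ s1 == x
        # Both shares switch in the same cycle: univariate, second-order leakage.
        leak.append(HW[s0] + HW[s1] + rng.gauss(0.0, sigma))
        pts.append(p)
    return pts, leak


def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sxx = syy = 0.0
    for x, y in zip(xs, ys):
        dx, dy = x - mx, y - my
        sxy += dx * dy
        sxx += dx * dx
        syy += dy * dy
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)


def cpa(pts, leak):
    """Ordinary first-order CPA with HW(S(p ^ k)) as model; 256 correlations."""
    return [pearson([HW[SBOX[p ^ k]] for p in pts], leak) for k in range(256)]


def select_low_leakage(pts, leak, fraction: float = 0.2):
    """Keep only traces whose leakage at this sample lies in the lowest quantile."""
    cut = sorted(leak)[int(fraction * len(leak))]
    keep = [i for i, l in enumerate(leak) if l <= cut]
    return [pts[i] for i in keep], [leak[i] for i in keep]


def compare(n: int = 10000, key: int = 0x2B, sigma: float = 0.5,
            fraction: float = 0.2) -> dict:
    """CPA over all traces versus CPA over the leakage-selected subset."""
    pts, leak = simulate_traces(n, key, sigma)
    full = cpa(pts, leak)
    sub = cpa(*select_low_leakage(pts, leak, fraction))
    return {
        "full_correct": full[key],                     # ~0: masking holds
        "full_max_abs": max(abs(c) for c in full),     # no key stands out
        "subset_correct": sub[key],                    # clearly positive
        "subset_best_key": max(range(256), key=lambda k: sub[k]),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Within the selected subset the hypothetical Hamming weight of the unmasked value and the measured leakage become positively correlated for the correct key only, while over the full trace set every first-order correlation stays at noise level. The subset is chosen per sample point, so on real traces the selection has to be repeated for each point of interest.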

Notes

  1. In case of Boolean masking.

  2. For example, two different plaintexts of an AES encryption with a fixed key.

  3. A t-test can be used to detect the distinguishability [24].

  4. Analog-to-Digital Converter.

  5. A lower number of shares can be achieved at the price of additional fresh masks [22].

  6. The permutation layer in one separate clock cycle.

  7. Only positive correlation values indicate a collision in an MCDPA attack.

References

  1. Side-channel Attack Standard Evaluation Board SASEBO-R Specification - Version 1.0. Research Center for Information Security, National Institute of Advanced Industrial Science and Technology, Japan. http://www.risec.aist.go.jp/project/sasebo/download/SASEBO-R_Spec_Ver1.0_English.pdf

  2. Barthe, G., Dupressoir, F., Faust, S., Grégoire, B., Standaert, F.-X., Strub, P.-Y.: Parallel implementations of masking schemes and the bounded moment leakage model. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 535–566. Springer, Cham (2017). doi:10.1007/978-3-319-56620-7_19

  3. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_18

  4. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_31

  5. Boss, E., Grosso, V., Güneysu, T., Leander, G., Moradi, A., Schneider, T.: Strong 8-bit Sboxes with efficient masking in hardware. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 171–193. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53140-2_9

  6. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_2

  7. Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing of order two. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 120–139. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_8

  8. Chen, Z., Schaumont, P.: Slicing up a perfect hardware masking scheme. In: HOST 2008, pp. 21–25. IEEE (2008)

  9. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85053-3_27

  10. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_27

  11. Kim, Y., Sugawara, T., Homma, N., Aoki, T., Satoh, A.: Biasing power traces to improve correlation in power analysis attacks. COSADE 2010, 77–80 (2010)

  12. Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage squeezing countermeasure against high-order attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 208–223. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21040-2_14

  13. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, New York (2007)

  14. Moradi, A., Mischke, O.: On the simplicity of converting leakages from multivariate to univariate. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 1–20. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40349-1_1

  15. Moradi, A., Standaert, F.-X.: Moments-correlating DPA. In: Workshop on Theory of Implementation Security, TIS 2016, pp. 5–15. ACM (2016)

  16. Moradi, A., Wild, A.: Assessment of hiding the higher-order leakages in hardware. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 453–474. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48324-4_23

  17. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptology 24(2), 292–321 (2011)

  18. Ou, C., Wang, Z., Sun, D., Zhou, X., Ai, J., Pang, N.: Enhanced correlation power analysis by biasing power traces. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 59–72. Springer, Cham (2016). doi:10.1007/978-3-319-45871-7_5

  19. Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005). doi:10.1007/11545262_13

  20. Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptology 24(2), 322–345 (2011)

  21. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)

  22. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47989-6_37

  23. Schaumont, P., Tiri, K.: Masking and dual-rail logic don’t add up. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 95–106. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_7

  24. Schneider, T., Moradi, A.: Leakage assessment methodology. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48324-4_25

  25. Tillich, S., Herbst, C., Mangard, S.: Protecting AES software implementations on 32-bit processors against power analysis. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 141–157. Springer, Heidelberg (2007). doi:10.1007/978-3-540-72738-5_10

  26. Tiri, K., Schaumont, P.: Changing the odds against masked logic. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 134–146. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74462-7_10

Acknowledgements

The authors would like to acknowledge Axel Poschmann for the hardware designs and Stefan Heyse for his help on taping out the prototype chip. This work is partly supported by the German Research Foundation (DFG) through the project “NaSCA: Nano-Scale Side-Channel Analysis”.

Author information

Corresponding author: Thorben Moos.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Moos, T., Moradi, A. (2017). On the Easiness of Turning Higher-Order Leakages into First-Order. In: Guilley, S. (ed.) Constructive Side-Channel Analysis and Secure Design. COSADE 2017. Lecture Notes in Computer Science, vol 10348. Springer, Cham. https://doi.org/10.1007/978-3-319-64647-3_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64646-6

  • Online ISBN: 978-3-319-64647-3
