Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science pp 125-139

Correlation-Enhanced Power Analysis Collision Attack

  • Amir MoradiAffiliated withHorst Görtz Institute for IT Security, Ruhr University Bochum
  • , Oliver MischkeAffiliated withHorst Görtz Institute for IT Security, Ruhr University Bochum
  • , Thomas EisenbarthAffiliated withDepartment of Mathematical Sciences, Florida Atlantic University


Side-channel based collision attacks are a mostly disregarded alternative to DPA for analyzing unprotected implementations. The advent of strong countermeasures, such as masking, has made further research in collision attacks seemingly in vain. In this work, we show that the principles of collision attacks can be adapted to efficiently break some masked hardware implementation of the AES which still have first-order leakage. The proposed attack breaks an AES implementation based on the corrected version of the masked S-box of Canright and Batina presented at ACNS 2008. The attack requires only six times the number of traces necessary for breaking a comparable unprotected implementation. At the same time, the presented attack has minimal requirements on the abilities and knowledge of an adversary. The attack requires no detailed knowledge about the design, nor does it require a profiling phase.