Hamming Weight Attacks on Cryptographic Hardware — Breaking Masking Defense

  • Marcin Gomuffłkiewicz
  • Mirosffław Kutyffłowski
Conference paper

DOI: 10.1007/3-540-45853-0_6

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2502)
Cite this paper as:
Gomuffłkiewicz M., Kutyffłowski M. (2002) Hamming Weight Attacks on Cryptographic Hardware — Breaking Masking Defense. In: Gollmann D., Karjoth G., Waidner M. (eds) Computer Security — ESORICS 2002. ESORICS 2002. Lecture Notes in Computer Science, vol 2502. Springer, Berlin, Heidelberg


It is believed that masking is an effective countermeasure against power analysis attacks: before a certain operation involving a key is performed in a cryptographic chip, the input to this operation is combined with a random value. This has to prevent leaking information since the input to the operation is random.

We show that this belief might be wrong. We present a Hamming weight attack on an addition operation. It works with random inputs to the addition circuit, hence masking even helps in the case when we cannot control the plaintext. It can be applied to any round of the encryption. Even with moderate accuracy of measuring power consumption it determines explicitly subkey bits. The attack combines the classical power analysis (over Hamming weight) with the strategy of the saturation attack performed using a random sample.

We conclude that implementing addition in cryptographic devices must be done very carefully as it might leak secret keys used for encryption. In particular, the simple key schedule of certain algorithms (such as IDEA and Twofish) combined with the usage of addition might be a serious danger.


cryptographic hardware side channel cryptanalysis Hamming weight power analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Marcin Gomuffłkiewicz
    • 1
  • Mirosffław Kutyffłowski
    • 1
    • 2
  1. 1.Cryptology CentrePoznań UniversityPoland
  2. 2.Institute of MathematicsWrocław University of TechnologyWroclawPoland

Personalised recommendations