First-Order Side-Channel Attacks on the Permutation Tables Countermeasure

  • Emmanuel Prouff
  • Robert McEvoy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)


The use of random permutation tables as a side-channel attack countermeasure was recently proposed by Coron [5]. The countermeasure operates by ensuring that during the execution of an algorithm, each intermediate variable that is handled is in a permuted form described by the random permutation tables. In this paper, we examine the application of this countermeasure to the AES algorithm as described in [5], and show that certain operations admit first-order side-channel leakage. New side-channel attacks are developed to exploit these flaws, using correlation-based and mutual information-based methods. The attacks have been verified in simulation, and in practice on a smart card.


Side-Channel Attacks Permutation Tables CPA MIA Masking 

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Emmanuel Prouff
    • 1
  • Robert McEvoy
    • 2
  1. 1.Oberthur TechnologiesFrance
  2. 2.Claude Shannon Institute for Discrete Mathematics, Coding and CryptographyUniversity College CorkIreland

Personalised recommendations