The World Is Not Enough: Another Look on Second-Order DPA

  • François-Xavier Standaert
  • Nicolas Veyrat-Charvillon
  • Elisabeth Oswald
  • Benedikt Gierlichs
  • Marcel Medwed
  • Markus Kasper
  • Stefan Mangard
Conference paper

DOI: 10.1007/978-3-642-17373-8_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6477)
Cite this paper as:
Standaert FX. et al. (2010) The World Is Not Enough: Another Look on Second-Order DPA. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg

Abstract

In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion no longer holds. While a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires carefully investigating the information leakages and the adversaries exploiting these leakages, separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that explores these two topics in the case of a masked implementation exhibiting a Hamming weight leakage model. Our results lead to refined intuitions regarding the efficiency of various practically relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). This evaluation confirms that higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Finally, we show that an information theoretic analysis allows us to determine this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous methods.
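To make the abstract's point concrete from an evaluator's side, the following simulation (added here; it is not code from the paper or its authors) builds a constructed Hamming-weight leakage for a byte split into d Boolean shares and compares what a first-order correlation distinguisher sees with what the centered-product d-th order distinguisher sees, with and without Gaussian noise. The 8-bit values, trace counts, seed and noise levels are assumptions chosen for illustration; the code also generalises to three shares (second-order masking, as in the abstract) to show how the residual leakage shrinks as shares and noise are added.

```python
import random
import statistics

def hw(x: int) -> int:
    return bin(x).count("1")          # Hamming weight of a byte

def simulate_traces(n_traces, sigma, shares=2, seed=1):
    """Constructed leakage: byte v is split into `shares` Boolean shares
    (v = x1 ^ ... ^ xd); each share leaks HW(share) + N(0, sigma^2)
    (assumed Hamming-weight model). Returns HW(v) and one list per share."""
    rng = random.Random(seed)
    vals, leaks = [], [[] for _ in range(shares)]
    for _ in range(n_traces):
        v = rng.randrange(256)            # sensitive value, known to the evaluator
        masks = [rng.randrange(256) for _ in range(shares - 1)]
        x = v
        for m in masks:                   # first share = v XOR all fresh masks
            x ^= m
        for i, share in enumerate([x] + masks):
            leaks[i].append(hw(share) + rng.gauss(0, sigma))
        vals.append(hw(v))
    return vals, leaks

def pearson(a, b):
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5

def first_order_corr(vals, leaks):
    """Univariate distinguisher on one share: ~0 with fresh masks, at any noise."""
    return pearson(vals, leaks[0])

def higher_order_corr(vals, leaks):
    """d-th order distinguisher: centered product of all d share leakages, then
    correlation with HW(v). Noise-free, two shares of a byte: -1/sqrt(8) ~ -0.35."""
    means = [statistics.fmean(l) for l in leaks]
    combined = []
    for sample in zip(*leaks):
        prod = 1.0
        for s, m in zip(sample, means):
            prod *= s - m                 # noise enters the product d times
        combined.append(prod)
    return pearson(vals, combined)

if __name__ == "__main__":
    for shares, sigma in ((2, 0.0), (2, 1.0), (2, 3.0), (3, 0.0)):
        vals, leaks = simulate_traces(20000, sigma, shares)
        print(shares, sigma, round(first_order_corr(vals, leaks), 3), round(higher_order_corr(vals, leaks), 3))
```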


Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • François-Xavier Standaert (1)
  • Nicolas Veyrat-Charvillon (1)
  • Elisabeth Oswald (2)
  • Benedikt Gierlichs (3)
  • Marcel Medwed (4)
  • Markus Kasper (5)
  • Stefan Mangard (6)

  1. Crypto Group, Université catholique de Louvain, Belgium
  2. Department of Computer Science, University of Bristol, UK
  3. ESAT/SCD-COSIC and IBBT, K.U. Leuven, Belgium
  4. IAIK, Graz University of Technology, Austria
  5. Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
  6. Security Innovation, Infineon Technologies AG, Germany
