2014
DOI: 10.1007/978-3-319-07536-5_20
|View full text |Cite
|
Sign up to set email alerts
|

Detecting Hidden Leakages

Abstract: Abstract. Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA conte… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
26
0

Year Published

2014
2014
2021
2021

Publication Types

Select...
5
3
1

Relationship

3
6

Authors

Journals

citations
Cited by 47 publications
(28 citation statements)
references
References 40 publications
0
26
0
Order By: Relevance
“…The masked block-cipher AES-256 in encryption mode without any mode of operation is implemented on target cryptographic device Atmel ATMega-163-based smart card. The implemented masking scheme is a variant of the Rotating Sbox Masking [23], [64]. According to the authors, this masking scheme keeps performance and complexity close to the unprotected scheme and is resistant to several side-channel attacks.…”
Section: Settings Of Experimentsmentioning
confidence: 99%
See 1 more Smart Citation
“…The masked block-cipher AES-256 in encryption mode without any mode of operation is implemented on target cryptographic device Atmel ATMega-163-based smart card. The implemented masking scheme is a variant of the Rotating Sbox Masking [23], [64]. According to the authors, this masking scheme keeps performance and complexity close to the unprotected scheme and is resistant to several side-channel attacks.…”
Section: Settings Of Experimentsmentioning
confidence: 99%
“…offset value, which is drawn randomly at the beginning of computation, is a secret value. Mask values are rotating according to the offset value [23], [64]. Each stored trace has 435 002 samples associated to the same secret key and corresponds to the first and to the beginning of the second round of AES algorithm.…”
Section: Settings Of Experimentsmentioning
confidence: 99%
“…Similarly MixColumns can also be identified by just looking the bytes manipulated together. Moreover, detecting precise leakage points of each operation can help an attacker run collision attacks (see e.g., [27,26]). …”
Section: Accelerating Side-channel Attacksmentioning
confidence: 99%
“…In RSM only sixteen Substitution boxes (S-boxes) are used and all the sixteen outputs of SubBytes are masked by a different mask. We take great in this paper to exploit second-order leakage (in particular, we avoid the first-order leakage identified by Moradi et al [15]). Moreover, the same mask is used for the AddRoundKey operation where it is XORed to one plaintext byte P and in the SubBytes operation where it is XORed with the S-box output depending on another plaintext byte P .…”
Section: Implementation Of the Masking Schemementioning
confidence: 99%