Abstract

A common and effective algorithm-level countermeasure against side-channel attacks is random masking. However, second-order attacks can break first-order masked devices by utilizing power values at two time points. Normally, 2nd-order attacks require the exact temporal locations of the two leakage points. Without profiling, the attacker may only have an educated-guess window of size $n_w$ for each potential leakage point. An attack with exhaustive search over combinations of the two leakage points leads to a computational complexity of $O(n_w^2)$. Waddle and Wagner introduced an FFT-based attack with a complexity of $O(n_w \log(n_w))$ at CHES 2004 [1]. Recently, Belgarric et al. proposed five preprocessing techniques using time-frequency conversion tools based on FFT in [2]. We propose a novel, efficient 2nd-order power analysis attack, which pre-processes power traces with FFT to find multiple candidate leakage point pairs and then combines the attacks at multiple candidate pairs into one single attack. We derive the theoretical conditions for two different combination methods to be successful. The resulting attacks retain a computational complexity of $O(n_w \log(n_w))$ and are applied to two data sets: one set of power measurements of an FPGA implementation of a masked AES scheme, and the other a set of measurements from DPA Contest V4 for a software implementation of masked AES. Our attacks improve over the previous FFT-based attacks, particularly when the window size $n_w$ is large. Each of the two attacks works better on a different data set, confirming the theoretical conditions.
