Efficient Nonprofiling 2nd-Order Power Analysis on Masked Devices Utilizing Multiple Leakage Points

Abstract

2nd-order attacks utilize power values at two leakage points to break cryptographic systems protected by 1st-order random masking. Without profiling, the attacker do not know the exact location of the two leakage points. Standard 2nd-order attacks with an exhaustive search over two windows of size $n_w$nw has computational complexity $\mathcal {O}(n_w^2)$O(nw2) and does not scale well with the window size $n_w$nw. We propose to apply a decision-combination attack, the majority vote (MV) attack, to combine 2nd order attacks at multiple candidate pairs of leakage points selected through two filters. The first filter pre-process the power traces with Fast Fourier Transformation (FFT) techniques and reduce the complexity to $\mathcal {O}(n_w\log _2(n_w))$O(nwlog2(nw)). The second filter use an advanced statistical feature selection procedure, Higher Criticism (HC), to select leakage candidates that improve the effectiveness of decision-combination MV attack and other leakage-combination attacks. We derive theoretical success conditions of MV attacks as well as the typical maximum attack and a leakage-combination sum attack. The theoretical conditions are confirmed through performance comparisons of the attacks on synthetic data sets and on two real data sets, an FPGA implementation and a software implementation of masked AES. The proposed FF-HC-MV attack is data-adaptive, working well in all data sets.