Abstract

In this paper we discuss the security of masked implementations. As an effective countermeasure against first-order DPA (Differential power analysis) attacks, masking works because the randomly masked intermediate values cause a power consumption that is not predictable by the attacker. We perform and analyze the template-based DPA and second-order DPA attacks on the scenario that the input values and output values of the AES SubBytes operation are concealed by the same mask-value. The experimental results confirm that, the masked implementation can be attacked by template-based DPA attacks and second-order DPA attacks.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call