First Principal Components Analysis: A New Side Channel Distinguisher - Information Security and Cryptology-ICISC 2010

Cryptography Reference

In-Depth Information

4.2 FPCA on Masked DES

Basically, masking technique is considered to be a powerful countermeasure

against SCA. Indeed, it aims at masking the intermediate values that occur

during encryption and decryption process. Many masking schemes have been

proposed to the cryptographic community for symmetric encryption algorithms

(DES, AES, ...) [32,14,22]. Basically, they differ in term of hardware design

complexity. But, they all aim at fulfilling the same goal by ensuring the resis-

tance against first-order SCA like DPA and CPA. Statistically, an ideal masking

implementation is one for which all references, for all made partitions, are the

same when using the mean as CS . However, it has been proved that masking

technique is still susceptible to first-order SCA as long as glitches problem re-

mains not completely resolved [32]. For instance, authors in [18], have shown

that one masked structure so-called “Universal Substitution boxes with Mask-

ing” (USM) is vulnerable against DPA. Moreover, masked implementations are

not resistant against new variants of SCA like VPA which is mainly based on

the variance analysis. It is also shown that a full-fledged masked DES imple-

mentation using a ROM (Masked-ROM) is breakable by VPA attack, in spite of

its high resistance against first-order attacks. In what follows, we use the same

power consumption model as described in [18] to perform the FPCA on USM

and Masked-ROM DES implementations.

Fig. 3. Unprotected DES guessing en-

tropy metric

Fig. 4. Unprotected DES 1st-order suc-

cess rate metric

First, in order to make a fair evaluation for our attack on USM DES structure

we kept the “mean” as CS and we classified traces into five partitions for each

key hypothesis k j . For reasons of clarity, comparison is made between FPCA

and DPA for which we realised the best performance with regards to DoM and

CPA. Results are deduced from Fig. 5 and Fig. 6. Obviously, according to the

first-order success rate metric shown in Fig. 6, FPCA is more ecient than DPA.

Indeed, 15000 traces are needed for DPA to achieve a rate of 0.8. Whereas, for

the same rate, FPCA attack requires only 10000 traces. The guessing entropy

metric, is quite equivalent for both attacks. Second, we targeted a Masked-ROM

DES implementation. For this purpose, we chose the variance as CS ,asithas

Search WWH ::

Custom Search

Home