Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets

Abstract EN

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks.

State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline.

We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory.

Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate.

Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack.

Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points.

Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set.