Reference : Higher-Order DCA against Standard Side-Channel Countermeasures
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
Higher-Order DCA against Standard Side-Channel Countermeasures
Bogdanov, Andrey mailto [Technical University of Denmark]
Rivain, Matthieu mailto [CryptoExperts]
Philip, S. Vejre mailto [Technical University of Denmark]
Wang, Junwei mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > > ; CryptoExperts > > > ; Université Paris 8]
Constructive Side-Channel Analysis and Secure Design
Polian, Ilia
Stöttinger, Marc
Lecture Notes in Computer Science 11421
10th International Workshop, COSADE 2019
from 03-04-2019 to 05-04-2019
[en] white-box cryptography ; higher-order DCA ; masking ; shuffling
[en] At CHES 2016, Bos et al. introduced differential computational analysis (DCA) as an attack on white-box software implementations of block ciphers. This attack builds on the same principles as DPA in the classical side-channel context, but uses computational traces consisting of plain values computed by the implementation during execution. It was shown to be able to recover the key of many existing AES white-box implementations.

The DCA adversary is passive, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. It is therefore important to develop implementations which are resistant to this attack. We investigate the approach of applying standard side-channel countermeasures such as masking and shuffling. Under some necessary conditions on the underlying randomness generation, we show that these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce higher-order DCA, along with an enhanced multivariate version, and analyze the security of the countermeasures against these attacks. We derive analytic expressions for the complexity of the attacks – backed up through extensive attack experiments – enabling a designer to quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting.
European Commission - EC
Researchers ; Professionals ; Students ; General public ; Others
H2020 ; 643161 - ECRYPT-NET - European Integrated Research Training Network on Advanced Cryptographic Technologies for the Internet of Things and the Cloud

File(s) associated to this reference

Fulltext file(s):

Limited access
cosade19.pdfPublisher postprint674.55 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.