Novel Leakage Against Realistic Masking and Shuffling Countermeasures

Abstract

It is often considered reasonable to combine first-order Boolean masking and shuffling countermeasures. However, shuffling countermeasures can sometimes be applied only to some rounds to improve performance. Herein, we define combinations of partial shuffling and masking countermeasures as restricted shuffling and masking countermeasures.

Moreover, we propose a novel leakage on restricted shuffling and masking countermeasures that have low attack complexity and a small correlation-reduction factor. Our novel leakage ignores the confusion layer to prevent shuffling from increasing the attack complexity. To reduce the complexity, we can confirm a partial correlation between the diffusion and confusion layer outputs. We identify that our proposal, which exploits this fact offers an overwhelming advantage compared with existing attacks when applied to the PRINCE and SEED block ciphers. Furthermore, we demonstrate the effectiveness of our proposed scheme using both simulated and realistic traces. In simulations, the number of traces required was reduced by up to 95%. When attacking a realistic device, a few traces were enough to recover the correct key, although existing attacks failed to reveal the correct key.

A Proof of Lemma 2

Proof

First, we prove the equation \(\rho _{WH'}=\rho _{WH}\rho _{HH'}\), which can be derived as in [6].

$$\begin{aligned} \begin{aligned} \rho _{WH'}&=\frac{Cov(W,H')}{\sigma _{W}\sigma _{H'}}=\frac{Cov(H+N,H')}{\sigma _{W}\sigma _{H'}} \\&=\frac{E[(H+N)H']-E[H+N]E[H']}{\sigma _{W}\sigma _{H'}} \\ \end{aligned} \end{aligned}$$

$$\begin{aligned} \begin{aligned}&=\frac{E[H H']-E[H]E[H']}{\sigma _{W}\sigma _{H'}}=\frac{Cov(H,H')}{\sigma _{W}\sigma _{H'}} \\&=\frac{Cov(H,H')}{\sigma _{H}\sigma _{H'}} \cdot \frac{\sigma _{H}^{2}}{\sigma _{W}\sigma _{H}} \\&=\rho _{HH'} \cdot \frac{Cov(H+N,H)}{\sigma _{W}\sigma _{H}}=\rho _{WH} \cdot \rho _{HH'} \\ \end{aligned} \end{aligned}$$

Before we prove the equation \(\rho _{HH'}=\sqrt{\frac{l}{n}}\), we define \(H_{l}\) as the Hamming weight for l bits out of a total of n bits. Then, by [11], \(E[H_{l}]=\frac{l}{2}\), \(Var[H_{l}]=\frac{l}{4}\), and hence

$$\begin{aligned} \begin{aligned} \rho _{HH'}&= \frac{Cov(H_{n}, H_{l})}{\sigma _{H_n}\sigma _{H_l}}\\&= \frac{Cov(H_{n-l}+H_{l},H_{l})}{\sigma _{H_n}\sigma _{H_l}} \\ \end{aligned} \end{aligned}$$

$$\begin{aligned} \begin{aligned}&= \frac{E[(H_{n-l}+H_{l})H_{l}]-E[H_{n-l}+H_{l}]E[H_{l}]}{\sigma _{H_n}\sigma _{H_l}} \\&= \frac{E[H_{n-l}H_{l}]+E[H_{l}^{2}]-E[H_{n-l}]E[H_{l}]-\left( E[H_{l}]\right) ^{2}}{\sigma _{H_n}\sigma _{H_l}} \\&= \frac{E[H_{l}^{2}]-\left( E[H_{l}]\right) ^{2}}{\sigma _{H_n}\sigma _{H_l}} (\because H_{n-l}\text { and }H_{l}\text { are independent})\\&= \frac{Var[H_{l}]}{\sigma _{H_n}\sigma _{H_l}}=\frac{\frac{l}{4}}{\sqrt{{\frac{n}{4}}}\sqrt{{\frac{l}{4}}}}=\sqrt{\frac{l}{n}}. \end{aligned} \end{aligned}$$

   \(\square \)