Slicing Up a Perfect Hardware Masking Scheme
—Masking is a side-channel countermeasure that randomizes side-channel leakage, such as the power dissipation of a circuit. Masking is only effective on the condition that the internal random mask remains a secret. Previous research has illustrated how a successful estimation of the mask bit in circuitlevel masking leads to successful side-channel attacks. In this paper, we extend this concept to algorithmic masking, which uses multi-bit masks. Our key observation is that the power dissipation of a masked circuit and the mask value are not independent. We exploit this property by using a slice of the power samples obtained by partial selection. This slice has a statistically biased mask, even when the mask signal itself is generated with a uniform distribution. We demonstrate this attack by showing how a perfectly masked AES SBox can be broken using part of the observed power samples, while the same circuit remains secure if we use all of the observed power samples. Keywords-Side-cha...
Zhimin Chen, Patrick Schaumont
