Not so Difficult in the End: Breaking the Lookup Table-Based Affine Masking Scheme

Conference paper in: Selected Areas in Cryptography – SAC 2023 (SAC 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14201)

Abstract

The lookup table-based masking countermeasure is prevalent in real-world applications due to its potent resistance against side-channel attacks and low computational cost. The ASCADv2 dataset, for instance, ranks among the most secure publicly available datasets today due to two layers of countermeasures: lookup table-based affine masking and shuffling. Current attack approaches rely on strong assumptions. In addition to requiring access to the source code, an adversary would also need prior knowledge of random shares.

This paper forgoes reliance on such knowledge and proposes two attack approaches based on the vulnerabilities of the lookup table-based affine masking implementation. As a result, the first attack can retrieve all secret keys’ reliance in less than a minute without knowing mask shares. Although the second attack is not entirely successful in recovering all keys, we believe more traces would help make such an attack fully functional.

Notes

  1. It is important to note that subkey candidates can involve guessing any number of bits. Although we assume the AES cipher here, the concept remains algorithm-independent.

  2. The proposed attack targets the intermediate data when \(\beta =r_{in}\) and \(\beta =r_{out}\).

  3. https://github.com/ANSSI-FR/ASCAD/tree/master/STM32_AES_v2.

Corresponding author: Stjepan Picek.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Wu, L., Perin, G., Picek, S. (2024). Not so Difficult in the End: Breaking the Lookup Table-Based Affine Masking Scheme. In: Carlet, C., Mandal, K., Rijmen, V. (eds) Selected Areas in Cryptography – SAC 2023. SAC 2023. Lecture Notes in Computer Science, vol 14201. Springer, Cham. https://doi.org/10.1007/978-3-031-53368-6_5

  • DOI: https://doi.org/10.1007/978-3-031-53368-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-53367-9

  • Online ISBN: 978-3-031-53368-6
