Title :
Efficient 2nd-order power analysis on masked devices utilizing multiple leakage
Author :
Liwei Zhang ; Ding, A. Adam ; Yunsi Fei ; Pei Luo
Author_Institution :
Dept. of Math., Northeastern Univ., Boston, MA, USA
Abstract :
A common and effective algorithm-level countermeasure against side-channel attacks is random masking. However, second-order attacks can break first-order masked devices by utilizing power values at two time points. Normally, 2nd-order attacks require the exact temporal locations of the two leakage points. Without profiling, the attacker may only have an educated guessing window of size n_w for each potential leakage point. An attack with exhaustive search over combinations of the two leakage points leads to a computational complexity of O(n_w^2). Waddle and Wagner introduced an FFT-based attack with a complexity of O(n_w log(n_w)) at CHES 2004 [1]. Recently, Belgarric et al. proposed five preprocessing techniques using time-frequency conversion tools based on FFT in [2]. We propose a novel efficient 2nd-order power analysis attack, which pre-processes power traces with FFT to find multiple candidate leakage point pairs and then combines the attacks at multiple candidate pairs into one single attack. We derive the theoretical conditions for two different combination methods to be successful. The resulting attacks retain a computational complexity of O(n_w log(n_w)) and are applied to two data sets: one set of power measurements of an FPGA implementation of a masked AES scheme, and the other set of measurements from DPA Contest V4 for a software implementation of masked AES. Our attacks improve over the previous FFT-based attacks, particularly when the window size n_w is large. Each of the two attacks works better on a different data set, confirming the theoretical conditions.
Keywords :
computational complexity; cryptography; fast Fourier transforms; AES scheme; DPA contest V4; FFT-based attack; FPGA implementation; O(n_w^2); computational complexity; exhaustive search; first-order masked devices; novel efficient 2nd-order power analysis attack; random masking; second-order attack; side-channel attacks; time-frequency conversion tools; Computational complexity; Correlation; Hardware; Noise; Power measurement; Security; Software; Maximum attack; majority vote attack; statistical model;
Conference_Title :
Hardware Oriented Security and Trust (HOST), 2015 IEEE International Symposium on
Conference_Location :
Washington, DC
DOI :
10.1109/HST.2015.7140249