Evaluation of countermeasure implementations based on Boolean masking to thwart side-channel attacks

This paper presents hardware implementations of a DES cryptoprocessor with masking countermeasures and their evaluation against side-channel attacks (SCAs) in FPGAs. The masking protection has been mainly studied from a theoretical viewpoint without any thorough test in a noisy real world designs. In this study the masking countermeasure is tested with first-order and higher-order SCAs on a fully-fledged DES. Beside a classical implementation of the DES substitution boxes (S-boxes) a simple structure called universal substitution boxes with masking (USM) is proposed. It meets the constraint of low complexity as state-of-the-art masked S-boxes are mostly built from large look-up tables or complex calculations with combinatorial logic gates. However attacks on USM has underlined some security weaknesses. ROM masked implementation exhibits greater robustness as it cannot be attacked with first-order DPA. Nevertheless any masking implementation remains sensitive to higher-order differential power analysis (HO-DPA) as shown in a proposed attack. This attack is based on a variance analysis of the observed power consumption and it clearly shows the vulnerabilities of masking countermeasures.