In this article we describe an improved concept for second order differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount second order DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess the number of traces that are needed for a successful attack. We give evidence on the effectiveness of our methodology by showing practical attacks on a masked AES smart card implementation. In these attacks we target inputs and outputs of the SubBytes operation in the first encryption round.
|Translated title of the contribution||Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers|
|Title of host publication||RSA Conference 2006, Cryptographers' Track|
|Pages||192 - 207|
|Publication status||Published - 2006|