IEEE Transactions on Information Forensics and Security | 2021

A Novel Normalized Variance-Based Differential Power Analysis Against Masking Countermeasures

Abstract


In this paper, we propose two normalization techniques to reduce the ghost peaks occurring in Differential Power Analysis (DPA). Ghost peaks can be defined as the DPA output generated by the wrong key guesses, having higher amplitudes than the DPA output generated by the correct key guess. We further propose variance-based Differential Power Analysis (vDPA) to attack masked crypto devices. The proposed normalization techniques and vDPA constitute four contributions. First, based on the side-channel signal modeling with the linear coefficient representing the strength of the linear component in a side-channel signal, we formulate the condition function of linear coefficients for the appearance of ghost peaks in DPA. Second, we propose pre-normalization in DPA and mathematically analyze how it can reduce ghost peaks by modulating the strength of the linear components in side-channel signals. Third, we propose post-normalization and mathematically analyze how it can reduce ghost peaks by de-correlating the strength of the linear components in side-channel signals with the condition function for the appearance of ghost peaks. Fourth, we propose vDPA to apply simultaneously with either one of the proposed normalization techniques to effectively attack masked crypto devices. Based on the experiments, we show that the proposed basic vDPA (without normalization), pre-normalized vDPA and post-normalized vDPA are all able to reveal the secret key from the ASCAD data set. The pre- and post-normalized vDPAs require up to $18\times$ and $14\times$ fewer traces than the basic vDPA, respectively. While attacking the ASCAD data set, the proposed pre- and post-normalized vDPAs are both $13{,}095\times$ faster than the reported 2nd order CPA, and reveal the key-bytes successfully with only half of the side-channel traces required by the reported Zero-offset DPA.

Volume 16
Pages 3767-3779
DOI 10.1109/TIFS.2021.3093783
Language English
Journal IEEE Transactions on Information Forensics and Security