On the security of RSM - Presenting 5 first- and second-order attacks

Abstract

Lightweight cryptography and efficient implementations, including efficient countermeasures against side-channel analysis, are of great importance for embedded devices, and, consequently, a lot of progress has been made in this area in recent years. In 2012, the RSM masking scheme [15] was introduced as an efficient countermeasure against side-channel attacks on AES. RSM has no time penalty, only reasonable area overhead, uses only 4 bits of entropy, and is deemed to be secure against univariate first- and second-order attacks. In this paper we first review the original practical security evaluation and discuss some shortcomings. We then reveal a weakness in the set of masks used in RSM, i.e., we found that certain pairs of masks have a constant difference. This weakness is subsequently exploited to mount five different side-channel attacks against RSM: a univariate first-order CPA enabled by simple pre-processing and a variant of a first-order correlation-enhanced collision attack, both on a smart card implementation, and a univariate second-order CPA as well as two first- and second-order collision attacks against an FPGA implementation. All five attacks show how such a vulnerability in the mask set can undermine the security of the scheme and therefore highlight the importance of carefully choosing the masks. © 2014 Springer International Publishing Switzerland.

Cite

Kutzner, S., & Poschmann, A. (2014). On the security of RSM - Presenting 5 first- and second-order attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8622 LNCS, pp. 299–312). Springer Verlag. https://doi.org/10.1007/978-3-319-10175-0_20
