IACR News item: 14 November 2013
Michael Tunstall, Carolyn Whitnall, Elisabeth Oswald
ePrint Report
The literature on side-channel analysis describes numerous masking schemes designed to protect block ciphers at the implementation level. Such masking schemes typically require the computation of masked tables prior to the execution of an encryption function. In this paper we revisit an attack which directly exploits this computation in such a way as to recover all or some of the masks used. We show that securely implementing masking schemes is only possible where one has access to a significant amount of random numbers.
Additional news items may be found on the IACR news page.