Implementation flaws in the masking scheme of DPA Contest v4.

This study presents an implementation flaw in Differential Power Analysis Contest (DPA) Contest v4. This version of DPA Contest uses Advanced Encryption Standard (AES) protected against side‐channel attacks using rotating s‐box masking (RSM) countermeasure. The authors identify a flaw in the masking scheme that was used in this contest. More specifically, the problem lies in an unfortunate choice of values for masks. An unbalance in the masking scheme leads to a first order leakage. This vulnerability could be used in order to mount a first order side‐channel attack against AES‐RSM. The attack was implemented and tested on DPA Contest v4 reference traces. The authors also provide a way to avoid the newly discovered problem and suggest new values for masks. [ABSTRACT FROM AUTHOR]