Security Issues in SoC Communication 343
8.2.7 Attacks on Masking
In a masked implementation, all intermediate values that are computed during
the execution of a cryptographic algorithm are concealed by a random value,
which is called mask. This ensures, if correctly implemented, a pairwise inde-
pendence between masked values, unmasked values, and masks. Hence, only
if pairwise independence does not hold for some reason, a masking scheme is
vulnerable to DPA attacks. DPA attacks based on one intermediate value that
is predicted are referred to as first-order DPA attacks, and they do not work
to attack perfect mask schemes.
As previously seen, higher-order DPA attacks exploit the joint leakage of
several intermediate values. In practice, second-order ...