Higher-Order DCA against Standard Side-Channel Countermeasures

Andrey Bogdanov, Matthieu Rivain, Philip S. Vejre, Junwei Wang*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

110 Downloads (Pure)


At CHES 2016, Bos et al. introduced differential computational analysis (DCA) as an attack on white-box software implementations of block ciphers. This attack builds on the same principles as DPA in the classical side-channel context, but uses computational traces consisting of plain values computed by the implementation during execution. It was shown to be able to recover the key of many existing AES white-box implementations. The DCA adversary is passive, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. It is therefore important to develop implementations which are resistant to this attack. We investigate the approach of applying standard side-channel countermeasures such as masking and shuffling. Under some necessary conditions on the underlying randomness generation, we show that these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce higher-order DCA, along with an enhanced multivariate version, and analyze the security of the countermeasures against these attacks. We derive analytic expressions for the complexity of the attacks – backed up through extensive attack experiments – enabling a designer to quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting.

Original languageEnglish
Title of host publicationConstructive Side-Channel Analysis and Secure Design - Proceedings of 10th International Workshop
EditorsIlia Polian, Marc Stöttinger
Publication date1 Jan 2019
ISBN (Print)9783030163495
Publication statusPublished - 1 Jan 2019
Event10th International Workshop on Constructive Side-Channel Analysis and Secure Design - Darmstadt, Germany
Duration: 3 Apr 20195 Apr 2019
Conference number: 10


Conference10th International Workshop on Constructive Side-Channel Analysis and Secure Design
SponsorALPhA NOV, Continental, eShard, FortifyIQ, Rambus Inc.
Internet address
SeriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)


  • Higher-order DCA
  • Masking
  • Shuffling
  • White-box cryptography


Dive into the research topics of 'Higher-Order DCA against Standard Side-Channel Countermeasures'. Together they form a unique fingerprint.

Cite this