Tiny Security Hole: First-Order Vulnerability of Masked SEED and Its Countermeasure

Abstract

Side-channel analysis is a type of cryptanalysis that utilizes the physical leakage of a cryptographic device. An adversary exploits the relationship between a physical leakage and the secret intermediate value of an encryption algorithm. In order to prevent side-channel analysis, the masking method was proposed. Several masking methods of the ISO/IEC 18033-3 standard encryption algorithm SEED have been proposed, as the Korean financial IC (integrated circuit) card standard (CFIP.ST.FINIC-01-2021) mandates using a robust implementation of SEED as an encryption algorithm against side-channel analyses. However, vulnerabilities were reported, except for with only one masking method. This study proposes the first-order vulnerability of that masking method. That is, an adversary is able to perform a side-channel analysis with the same complexity as an unprotected implementation. In order to fix this vulnerability, we revise the masking method with negligible additional overhead. Its vulnerability and security are theoretically verified and experimentally demonstrated. The round key of the existing masking method is revealed with only 210 power consumption traces, while that of the proposed masking method is not disclosed with 10,000 traces.