Power Analysis on RSM Schemes in Cryptographic Chips

The lightweight mask scheme is a new tendency of the mask countermeasures in Cryptographic Chips. RSM is a lightweight scheme with high security and low cost. With RSM scheme, we carry out a cryptanalysis on DPA Contest V4 and propose several profiled and non-profiled power analyses against the RSM and RSM-Like schemes. Furthermore, we propose MCPA, which is based on the cluster model to classify the power/EM traces according to the value of different mask bytes. MCPA only relies on the types of the mask sequences. The results of experiments on the reference traces show that our analysis is effective. We could recover the mask sequence and the round-key for the first round in AES-256 with about 100 power/EM traces. We also give some suggestions on the possible improvement of the RSM scheme to destroy the condition of SCA with different implementations.