Randomized Addressing Countermeasures are Inefficient Against Address-Bit SCA

Abstract

The resistance of cryptographic implementations against SCA attacks is highly important if devices are physically accessible. The vulnerability of public key approaches to address-bit attacks is not solved yet. Different randomization approaches proposed in the literature as countermeasures have been successfully attacked in the past. In contrast to these countermeasures the low-cost countermeasure presented in [1] was not yet reported as successfully attacked. We present our idea of how the processed scalar can be revealed even when this countermeasure is implemented. We explain how the well-known address randomization countermeasures [1] and [2] can be broken attacking a single trace.