Generic DPA Attacks: Curse or Blessing?

Generic DPA attacks, such as MIA, have been recently proposed as a method to mount DPA attacks without the need for possibly restrictive assumptions on the leakage behaviour. Previous work identified some shortcomings of generic DPA attacks when attacking injective targets (such as the AES Sbox output). In this paper, we focus on that particular property of generic DPA attacks and explain limitations, workarounds and advantages. Firstly we show that the original fix to address this issue (consisting of dropping bits on predictions to destroy the injectivity) works in practice. Secondly, we describe how a determined attacker can circumvent the issue of attacking injective targets and mount a generic attack on the AES using previously mentioned noninjective targets. Thirdly, we explain important and attractive properties of generic attacks, such as being effective under any leakage behaviour. Consequently, we are able to recover keys even if the attacker only observes an encrypted version of the leakage, for instance when a device is using bus encryption with a constant key. The same property also allows to mount attacks on later rounds of the AES with a reduced number of key hypotheses compared to classical DPA. All main observations are supported by experimental results, when possible on real measurements.