NP-LFA: Non-profiled Leakage Fingerprint Attacks against Improved Rotating S-box Masking Scheme
The Computer Journal (IF 1.5), Pub Date: 2021-03-04, DOI: 10.1093/comjnl/bxab003
Zeyi Liu 1 , Weijuan Zhang 2 , Ji Xiang 1 , Daren Zha 1 , Lei Wang 1

DPA Contest is a world-famous side-channel competition aiming at analyzing and evaluating the implementation security of some of the latest countermeasures. The Improved Rotating S-box Masking Scheme (RSM2.0) is one of the most popular countermeasures designed during DPA Contest V4.2; it is armed with both Low Entropy Masking Schemes and a shuffling strategy to ensure the software security of AES-128, particularly the non-profiled security. Up to now, conducting a highly efficient non-profiled attacking scheme with low resource costs is still a challenge. In this paper, we first propose general and non-profiled leakage fingerprint attacks (named NP-LFA) for secret cracking and make use of them to crack RSM2.0 random masks with almost 100% accuracy. Further, we analyze the hidden vulnerabilities embedded in the RSM2.0 implementation, and utilize them to bypass the shuffling defense and perform the master key recovery. Official evaluation results show that NP-LFA is capable of compromising RSM2.0 within 14 traces, each of which only costs 60 ms processing time. This result validates the high efficiency and lightweight characteristics of our attacking scheme, which has ranked first on the official website till now. In addition, we discuss and put forward some possible strategies to mitigate our NP-LFA threats.

Updated: 2021-03-04