FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

K82F LTC AES masking

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

K82F LTC AES masking

Jump to solution
‎04-03-2026 01:04 PM
652 Views
NewDwarf
Contributor I

Hello.

Is K82F's DPA countermeasure active just after Power-On Reset? 

In other words, does DPA countermeasure work without explicit calling of LTC_SetDpaMaskSeed(LTC0, maskSeed)? 

I am talking in context of LTC AES-128 encryption.

0 Kudos
Reply
1 Solution

Jump to solution
a month ago
571 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello @NewDwarf ,

Thanks for your post. Yes, the LTC DPA countermeasure of the K82F is active immediately after power-on reset. For LTC DPA Mask Seed (LTC0_DPAMS) register, it's an entropy. Even if application didn't initialize, the hardware countermeasure can generate random number for using by itself.

Hope it helps.

BR

Celeste

 

------------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the "ACCEPT AS SOLUTION" button. Thank you!
------------------------------------------------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
8 Replies

Jump to solution
a month ago
560 Views
NewDwarf
Contributor I

@Celeste_Liu Thanks. If I say I am able to recover the AES keys from the LTC engine, is it known fact or is it something unknown to NXP?

0 Kudos
Reply

Jump to solution
4 weeks ago
526 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello @NewDwarf ,

The K82F LTC engine does not provide a non‑transparent mode. AES masking is intended to mitigate information leakage during algorithm execution involving cryptographic keys, thereby defending against non‑invasive DPA attacks targeting key recovery.
However, protection against key recovery typically requires more comprehensive system‑level security design considerations. The LTC AES masking technique operates only at the algorithmic level and does not fully address all use cases, especially as attack methodologies continue to evolve. Moreover, it cannot replace security mechanisms implemented at the overall system design level.

BR

Celeste

0 Kudos
Reply

Jump to solution
4 weeks ago
521 Views
NewDwarf
Contributor I

The interesting thing I was able to recover AES keys by using the first-order attack. Two different leakage models gave me correctly recovered AES key on the LTC engine.

Usually, if masking countermeasure is applied, the first-order attack won't work and an attack should be the second and higher order.
0 Kudos
Reply

Jump to solution
4 weeks ago
489 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello @NewDwarf ,

I need to check with the internal team for your question. Could you please provide the following information per our policy: company name, end application, and annual volume?

As this issue involves security, could you also help confirm whether an NDA has already been signed? And we recommend creating a private ticket to contact us for further support.

Case Creation Wizard 

BR

Celeste

0 Kudos
Reply

Jump to solution
3 weeks ago
345 Views
NewDwarf
Contributor I

@Celeste_Liu 

...and I cannot use the Case Creation Wizard as it doesn't allow private email to submit the findings.

0 Kudos
Reply

Jump to solution
3 weeks ago
325 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello @NewDwarf ,

Sorry, this was my oversight. Cases cannot be submitted using a personal email address. You can continue to share your findings in the Community.
0 Kudos
Reply

Jump to solution
4 weeks ago
487 Views
NewDwarf
Contributor I

Hello @Celeste_Liu 

I am just an independent user/researcher for this specific topic.

0 Kudos
Reply

Jump to solution
a month ago
572 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello @NewDwarf ,

Thanks for your post. Yes, the LTC DPA countermeasure of the K82F is active immediately after power-on reset. For LTC DPA Mask Seed (LTC0_DPAMS) register, it's an entropy. Even if application didn't initialize, the hardware countermeasure can generate random number for using by itself.

Hope it helps.

BR

Celeste

 

------------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the "ACCEPT AS SOLUTION" button. Thank you!
------------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2345159%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EK82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2345159%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello.%3C%2FP%3E%3CP%3EIs%20K82F's%20DPA%20countermeasure%20active%20just%20after%20Power-On%20Reset%3F%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20other%20words%2C%20does%20DPA%20countermeasure%20work%20without%20explicit%20calling%20of%26nbsp%3B%3CSPAN%20class%3D%22%22%3ELTC_SetDpaMaskSeed(LTC0%2C%20maskSeed)%3F%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EI%20am%20talking%20in%20context%20of%20LTC%20AES-128%20encryption.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2346066%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20K82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2346066%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F237877%22%20target%3D%22_blank%22%3E%40Celeste_Liu%3C%2FA%3E%26nbsp%3BThanks.%20If%20I%20say%20I%20am%20able%20to%20recover%20the%20AES%20keys%20from%20the%20LTC%20engine%2C%20is%20it%20known%20fact%20or%20is%20it%20something%20unknown%20to%20NXP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2345963%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20K82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2345963%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F261039%22%20target%3D%22_blank%22%3E%40NewDwarf%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%0A%3CP%3EThanks%20for%20your%20post.%20Yes%2C%26nbsp%3Bthe%20LTC%20DPA%20countermeasure%20of%20the%20K82F%20is%20active%20immediately%20after%20power-on%20reset.%26nbsp%3BFor%20LTC%20DPA%20Mask%20Seed%20(LTC0_DPAMS)%20register%2C%20it's%20an%20entropy.%20Even%20if%20application%20didn't%20initialize%2C%20the%20hardware%20countermeasure%20can%20generate%20random%20number%20for%20using%20by%20itself.%3C%2FP%3E%0A%3CP%3EHope%20it%20helps.%3C%2FP%3E%0A%3CP%3EBR%3C%2FP%3E%0A%3CP%3ECeleste%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3E------------------------------------------------------------------------------------------------------------------------%3CBR%20%2F%3ENote%3A%20If%20this%20post%20answers%20your%20question%2C%20please%20click%20the%20%22ACCEPT%20AS%20SOLUTION%22%20button.%20Thank%20you!%3CBR%20%2F%3E------------------------------------------------------------------------------------------------------------------------%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2347021%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20K82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2347021%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F237877%22%20target%3D%22_blank%22%3E%40Celeste_Liu%3C%2FA%3E%26nbsp%3BHello%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EThe%20interesting%20thing%20I%20was%20able%20to%20recover%20AES%20keys%20by%20using%20the%20first-order%20attack.%20Two%20different%20leakage%20models%20gave%20me%20correctly%20recovered%20AES%20key%20on%20the%20LTC%20engine.%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EUsually%2C%20if%20masking%20countermeasure%20is%20applied%2C%20the%20first-order%20attack%20won%3C%2FSPAN%3E%3CSPAN%3E't%20work%20and%20an%20attack%20should%20be%20the%20second%20and%20higher%20order.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2346837%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20K82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2346837%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F261039%22%20target%3D%22_blank%22%3E%40NewDwarf%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%0A%3CDIV%3E%0A%3CP%3EThe%20K82F%20LTC%20engine%20does%20not%20provide%20a%20non%E2%80%91transparent%20mode.%20AES%20masking%20is%20intended%20to%20mitigate%20information%20leakage%20during%20algorithm%20execution%20involving%20cryptographic%20keys%2C%20thereby%20defending%20against%20non%E2%80%91invasive%20DPA%20attacks%20targeting%20key%20recovery.%3CBR%20%2F%3EHowever%2C%20protection%20against%20key%20recovery%20typically%20requires%20more%20comprehensive%20system%E2%80%91level%20security%20design%20considerations.%20The%20LTC%20AES%20masking%20technique%20operates%20only%20at%20the%20algorithmic%20level%20and%20does%20not%20fully%20address%20all%20use%20cases%2C%20especially%20as%20attack%20methodologies%20continue%20to%20evolve.%20Moreover%2C%20it%20cannot%20replace%20security%20mechanisms%20implemented%20at%20the%20overall%20system%20design%20level.%3C%2FP%3E%0A%3CP%3EBR%3C%2FP%3E%0A%3CP%3ECeleste%3C%2FP%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2350936%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20K82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2350936%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F237877%22%20target%3D%22_blank%22%3E%40Celeste_Liu%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E...and%20I%20cannot%20use%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.nxp.com%2Fs%2F%3Flanguage%3Den_US%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ECase%20Creation%20Wizard%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bas%20it%20doesn't%20allow%20private%20email%20to%20submit%20the%20findings.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2351055%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20K82F%20LTC%20AES%20masking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2351055%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F261039%22%20target%3D%22_blank%22%3E%40NewDwarf%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%0A%3CDIV%3ESorry%2C%20this%20was%20my%20oversight.%20Cases%20cannot%20be%20submitted%20using%20a%20personal%20email%20address.%20You%20can%20continue%20to%20share%20your%20findings%20in%20the%20Community.%3C%2FDIV%3E%3C%2FLINGO-BODY%3E