Cryptographic Hardware and Embedded Systems – CHES 2008

Volume 5154 of the series Lecture Notes in Computer Science pp 426-442

Mutual Information Analysis

A Generic Side-Channel Distinguisher
  • Benedikt GierlichsAffiliated withK.U. Leuven, ESAT/SCD-COSIC and IBBT
  • , Lejla BatinaAffiliated withK.U. Leuven, ESAT/SCD-COSIC and IBBT
  • , Pim TuylsAffiliated withK.U. Leuven, ESAT/SCD-COSIC and IBBTPhilips Research Europe
  • , Bart PreneelAffiliated withK.U. Leuven, ESAT/SCD-COSIC and IBBT


We propose a generic information-theoretic distinguisher for differential side-channel analysis. Our model of side-channel leakage is a refinement of the one given by Standaert et al. An embedded device containing a secret key is modeled as a black box with a leakage function whose output is captured by an adversary through the noisy measurement of a physical observable. Although quite general, the model and the distinguisher are practical and allow us to develop a new differential side-channel attack. More precisely, we build a distinguisher that uses the value of the Mutual Information between the observed measurements and a hypothetical leakage to rank key guesses. The attack is effective without any knowledge about the particular dependencies between measurements and leakage as well as between leakage and processed data, which makes it a universal tool. Our approach is confirmed by results of power analysis experiments. We demonstrate that the model and the attack work effectively in an attack scenario against DPA-resistant logic.


Differential Side-Channel Analysis (DSCA) Information Theory Mutual Information DPA-resistant logic