Cryptographic Hardware and Embedded Systems - CHES 2009

Volume 5747 of the series Lecture Notes in Computer Science pp 429-443

Mutual Information Analysis: How, When and Why?

  • Nicolas Veyrat-CharvillonAffiliated withUCL Crypto Group, Université catholique de Louvain
  • , François-Xavier StandaertAffiliated withUCL Crypto Group, Université catholique de Louvain


The Mutual Information Analysis (MIA) is a generic side-channel distinguisher that has been introduced at CHES 2008. This paper brings three contributions with respect to its applicability to practice. First, we emphasize that the MIA principle can be seen as a toolbox in which different (more or less effective) statistical methods can be plugged in. Doing this, we introduce interesting alternatives to the original proposal. Second, we discuss the contexts in which the MIA can lead to successful key recoveries with lower data complexity than classical attacks such as, e.g. using Pearson’s correlation coefficient. We show that such contexts exist in practically meaningful situations and analyze them statistically. Finally, we study the connections and differences between the MIA and a framework for the analysis of side-channel key recovery published at Eurocrypt 2009. We show that the MIA can be used to compare two leaking devices only if the discrete models used by an adversary to mount an attack perfectly correspond to the physical leakages.