Skip to main content
SpringerLink
Log in

Mutual information analysis: higher-order statistical moments, efficiency and efficacy

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

The wide attention given to the mutual information analysis (MIA) is often connected to its statistical genericity, denoted flexibility in this paper. Indeed, MIA is expected to lead to successful key recoveries with no reliance on a priori knowledge about the implementation (impacted by the error modeling made by the attacker. and with as minimum assumptions as possible about the leakage distribution, i.e. able to exploit information lying in any statistical moment and to detect all types of functional dependencies), up to the error modeling which impacts its efficiency (and even its effectiveness). However, emphasis is put on the powerful generality of the concept behind the MIA, as well as on the significance of adequate probability density functions (PDF) estimation which seriously impacts its performance. By contrast to its theoretical advantages, MIA suffers from underperformance in practice limiting its usage. Considering that this underperformance could be explained by suboptimal estimation procedures, we studied in-depth MIA by analyzing the link between the setting of tuning parameters involved in the commonly used nonparametric density estimation, namely kernel density estimation, with respect to three criteria: the statistical moment where the leakage prevails, MIA’s efficiency and its flexibility according to the classical Hamming weight model. The goal of this paper was, therefore, to cast some interesting light on the field of PDF estimation issues in MIA for which much work has been devoted to finding improved estimators having their pros and cons, while little attempt has been made to identify whether existing classical methods can be practically improved or not according to the degree of freedom offered by hyperparameters (when available). We show that some ‘optimal’ estimation procedures following a problem-based approach rather than the systemic use of heuristics following an accuracy-based approach can make MIA more efficient and flexible and a practical guideline for tuning the hyperparameters involved in MIA should be designed. The results of this analysis allowed us defining a guideline based on a detailed comparison of MIA’s results across various simulations and real-world datasets (including publicly available ones such as DPA contest V2 and V4.1).

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

Notes

  1. Formally l(x) is a probability mass function (PMF) because X is discrete. To simplify notation, we use the generic acronym PDF.

  2. To avoid over-fitting \(\theta \) in some cases, i.e. when leakage is embedded on higher-order statistical moment (not explored in [13]) leading to an incorrect key distinguishability.

References

  1. TELECOM ParisTech SEN research group: DPA Contest. 2008–2014

  2. Akaike, H.: Information theory and an extension of the Maximum Likelihood Principle. In: Petrov, B.N., Csaki, F. (eds.) Second International Symposium on Information Theory. Akadémiai Kiadom, Budapest (1973)

    Google Scholar 

  3. Aumonier, S.: Generalized correlation power analysis. In: ECRYPT Workshop on Tools For Cryptanalysis, Kraków, Poland (2007)

  4. Barndorff-Nielsen, O.: Exponentially decreasing distributions for the logarithm of particle size. R. Soc. Lond. Proc. Ser. A 353, 401–419 (1977)

    Article  Google Scholar 

  5. Batina, L., Gierlichs, B., Lemke-Rust, K.: Differential cluster analysis. In: Clavier, C., Gaj, K. (eds.) Cryptographic Hardware and Embedded Systems. Lecture notes in computer science, vol. 5747, pp. 112–127. Springer, Berline (2009)

    Google Scholar 

  6. Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24, 269–291 (2011)

    Article  MathSciNet  MATH  Google Scholar 

  7. Belgarric, P., Bruneau, N., Danger, J.-L., Debande, N., Guilley, S., Heuser, A., Najm, Z., Rioul, O., Bhasin, S.: Time-frequency analysis for second-order attacks. In: Aurélien, F., Pankaj, R. (eds.) Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Berlin, Germany, Nov 27–29, 2013, Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 108–122. Springer(2013)

  8. Bevan, R., Knudsen, E.: Ways to enhance differential power analysis. In: Lee, P.J., Lim, C.H. (eds.) Information Security and Cryptology - 5th International Conference ICISC 2002, Seoul, Korea, Nov 28–29, 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2587, pp. 327–342. Springer (2002)

  9. Bhasin, S., Carlet, C., Guilley, S.: Theory of masking with codewords in hardware: low-weight dth-order correlation-immune Boolean functions. IACR Cryptol. ePrint Arch. 2013, 303 (2013)

    Google Scholar 

  10. Bhasin, S., Danger, J., Guilley, S., Najm, Z.: Side-channel leakage and trace compression using normalized inter-class variance. In: Lee, R.B., Shi, W. (eds.) HASP, pp. 7:1–7:9. ACM, New York (2014)

  11. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold Implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LCNS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014)

    Google Scholar 

  12. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems, vol. 3156, LNCS, pp. 16–29, Cambridge, MA, USA. Springer, Heidelberg (2004)

  13. Carbone, M., Tiran, S., Ordas, S., Agoyan, M., Teglia, Y., Ducharme, G.R., Maurine, P.: On Adaptive Bandwidth Selection for Efficient MIA. In: COSADE (2014)

  14. Coron, J., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007)

    Google Scholar 

  15. Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1, 123–144 (2011)

    Article  Google Scholar 

  16. Freedman, D., Diaconis, P.: On the histogram as a density estimator:L2 theory. Probab. Theory Relat. Fields 57, 453–476 (1981)

    MATH  Google Scholar 

  17. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis: a generic side-channel distinguisher. In: Oswald, E., Rohatgi, P. (eds) Cryptographic Hardware and Embedded Systems - 10th International Workshop, CHES 2008, Lecture Notes in Computer Science, vol. 5141, pp. 426–442 (2008)

  18. Hansen, B.E.: Lecture Notes on Nonparametrics. Unpublished lecture notes (2009)

  19. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) Advances in Cryptology-CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19. Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer (1999)

  20. Le, T.-H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) Advances in Information and Computer Security - 5th International Workshop on Security, IWSEC, Kobe, Japan, November 22–24. Proceedings. Lecture Notes in Computer Science, vol. 6434, pp. 285–300. Springer (2010)

  21. Linge, Y., Dumas, C., Lambert-Lacroix, S.: Maximal Information Coefficient Analysis. Cryptology ePrint Archive, Report 2014/012, (2014)

  22. Lomné, V., Prouff, E., Roche, T.: Behind the scene of side channel attacks. In: Sako, K., Sarkar, P. (eds) ASIACRYPT, vol. Kazue Sako and Palash Sarkar, LNCS, pp. 506–525. Springer (2013)

  23. Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage squeezing countermeasure against high-order attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP. Lecture notes in computer science, pp. 208–223. Springer, New York (2011)

  24. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, vol. 31, 1st edn. Springer Publishing Company Incorporated, New York (2006)

  25. Messerges, T.S.: Power Analysis Attacks and Countermeasures for Cryptographic Algorithms. PhD thesis, University of Illinois (2000)

  26. Messerges, T.S., Dabbish, E.A.: Investigations of power analysis attacks on smartcards. In: Guthery, S. B., Honeyman, P. (eds.) Proceedings of the 1st Workshop on Smartcard Technology, Smartcard 1999, Chicago, Illinois, USA, May 10–11. USENIX Association (1999)

  27. Moradi, A., Guilley, S., Heuser, A.: Detecting hidden leakages. In: ACNS, pp 324–342 (2014)

  28. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT. Lecture notes in computer science, vol. 6632, pp. 69–88. Springer, Berlin (2011)

    Google Scholar 

  29. Moradi, A., Wild, A.: Assessment of hiding the higher-order leakages in hardware-what are the achievements versus overheads? In: Güneysu, T.G., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems. LNCS, vol. 9293, pp. 453–474. Springer, Heidelberg (2015)

    Google Scholar 

  30. Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: DATE, pp. 1173–1178 (2012)

  31. Oswald, D., Paar, C.: Improving side-channel analysis with optimal linear transforms. Proceedings of the 11th International Conference on Smart Card Research and Advanced Applications. CARDIS’12, pp. 219–233. Springer-Verlag, Berlin (2013)

  32. Prouff, E., McEvoy, R.P.: First-order side-channel attacks on the permutation tables countermeasure—extended version. IACR Cryptol. ePrint Arch. 2010, 385 (2010)

  33. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. ACNS 2009. vol 5536, LNCS, pp. 499–518. France, Paris (2009)

  34. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. IJACT 2(2), 121–138 (2010)

    Article  MathSciNet  MATH  Google Scholar 

  35. Reparaz, O., Gierlichs, B., Verbauwhede, I.: Generic DPA attacks: curse or blessing? In: Prouff, E.(ed.) Constructive Side-Channel Analysis and Secure Design - 5th International Workshop, COSADE 2014, Paris, France, Apr 13–15, 2014. Revised Selected Papers, vol. 8622, pp. 98–111. Springer (2014)

  36. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Cryptographic Hardware and Embedded Systems, vol. 3659, Lecture Notes Computer Science, pp. 30–46. Springer (2005)

  37. Schneider, T., Moradi, A.: Leakage assessment methodology-a clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems. LNCS, vol. 9293, pp. 495–513. Springer, New York (2015)

    Google Scholar 

  38. Schneider, T., Moradi, A., Güneysu, T.: Robust and one-pass parallel computation of correlation-based attacks at arbitrary order. IACR Cryptol. ePrint Arch. 2015, 571 (2015)

    Google Scholar 

  39. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA. Lecture notes in computer science, vol. 3860. Springer, Berline (2006)

  40. Scott, D.W.: On optimal and data-based histograms. Biometrika 66, 605–610 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  41. Scott, D.W.: Multivariate Density Estimation: Theory. Practice and Visualization. Wiley, New York (1992)

    Book  MATH  Google Scholar 

  42. Silverman, B.: Density Estimation for Statistics and Data Analysis, p. 48. Chapman & Hall/CRC, London (1998)

    Google Scholar 

  43. Standaert, F.-X., Gierlichs, B., Verbauwhede, I.: Partition vs comparison side-channel distinguishers: an empirical evaluation of statistical tests for univariate side-channel attacks against two unprotected CMOS devices. In: Lee, P.J., Cheon, J.H. (eds.) Information Security and Cryptology - ICISC 2008, 11th International Conference, Seoul, Korea, December 3–5, 2008, Revised Selected Papers. Lecture Notes in Computer Science, vol. 5461, pp. 253–267. Springer (2008)

  44. Standaert, F.-X., Malkin, T.G., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. Proceedings of the 28th Annual International Conference on Advances in Cryptology: The Theory and Applications of Cryptographic Techniques. EUROCRYPT ’09, pp. 443–461. Springer-Verlag, Berlin (2009)

  45. Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: how, when and why? In: Cryptographic Hardware and Embedded Systems, vol. 5747, LNCS, pp. 429–443, Lausanne, Switzerland (2009)

  46. Tiran, S., Ordas, S., Teglia, Y., Agoyan, M., Maurine, P.: A model of the leakage in the frequency domain and its application to CPA and DPA. J. Cryptogr. Eng. 4(3), 197–212 (2014)

    Article  Google Scholar 

  47. Tiran, S., Reymond, G., Rigaud, J., Aboulkassimi, D., Gierlichs, B., Carbone, M., Ducharme, G.R., Maurine, P.: Analysis of variance and CPA in SCA. IACR Cryptol. ePrint Arch. 2014, 707 (2014)

    Google Scholar 

  48. Venelli, A.: Efficient entropy estimation for mutual information analysis using B-splines. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices, 4th IFIP WG 11.2 International Workshop, WISTP 2010, Passau, Germany, Apr 12–14, 2010. Proceedings. Lecture Notes in Computer Science,vol. 6033, pp. 17–30. Springer (2010)

  49. Veyrat-Charvillon, N., Standaert, F.-X.: Generic side-channel distinguishers: Improvements and limitations. In: CRYPTO 2011, vol. 6841, LNCS, pp 354–372. Cryptology ePrint Archive, Report 2011/149 (2011)

  50. Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)

    Article  Google Scholar 

  51. Whitnall, C., Oswald, E., Standaert, F.-X.: The myth of generic DPA...and the magic of learning. In: Benaloh, J. (ed.) Topics in Cryptology - CT-RSA 2014 - The Cryptographer’s Track at the RSA Conference 2014, San Francisco, CA, USA, Feb 25–28, 2014. Proceedings. Lecture Notes in Computer Science, vol. 8366, pp. 183–205. Springer (2014)

  52. Ye, X., Eisenbarth, T.: On the vulnerability of low entropy masking schemes. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Berlin, Germany, Nov 27–29, 2013. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 44–60. Springer (2014)

Download references

Author information

Authors and Affiliations

  1. ST Microelectronics-Advanced System Technology, Avenue Célestin Coq, Rousset, 13790, France

    Mathieu Carbone & Yannick Teglia

  2. LIRMM-Laboratoire d’Informatique de Robotique et de Microélectronique de Montpellier, 161, Rue Ada, Montpellier Cedex 5, 34090, France

    Mathieu Carbone & Philippe Maurine

  3. EPS-Institut de Mathématiques et de Modélisation de Montpellier, 2, Place Eugène Bataillon, Université Montpellier 2, Montpellier Cedex 5, 34095, France

    Gilles R. Ducharme

  4. CEA-Centre Microélectronique de Provence Georges Charpak, 880, Route de Mimet, Gardanne, 13541, France

    Philippe Maurine

Authors
  1. Mathieu Carbone
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yannick Teglia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gilles R. Ducharme
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Philippe Maurine
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mathieu Carbone.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Carbone, M., Teglia, Y., Ducharme, G.R. et al. Mutual information analysis: higher-order statistical moments, efficiency and efficacy. J Cryptogr Eng 7, 1–17 (2017). https://doi.org/10.1007/s13389-016-0123-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-016-0123-8

Keywords

Search

Navigation