Abstract
The wide attention given to the mutual information analysis (MIA) is often connected to its statistical genericity, denoted flexibility in this paper. Indeed, MIA is expected to lead to successful key recoveries with no reliance on a priori knowledge about the implementation (impacted by the error modeling made by the attacker. and with as minimum assumptions as possible about the leakage distribution, i.e. able to exploit information lying in any statistical moment and to detect all types of functional dependencies), up to the error modeling which impacts its efficiency (and even its effectiveness). However, emphasis is put on the powerful generality of the concept behind the MIA, as well as on the significance of adequate probability density functions (PDF) estimation which seriously impacts its performance. By contrast to its theoretical advantages, MIA suffers from underperformance in practice limiting its usage. Considering that this underperformance could be explained by suboptimal estimation procedures, we studied in-depth MIA by analyzing the link between the setting of tuning parameters involved in the commonly used nonparametric density estimation, namely kernel density estimation, with respect to three criteria: the statistical moment where the leakage prevails, MIA’s efficiency and its flexibility according to the classical Hamming weight model. The goal of this paper was, therefore, to cast some interesting light on the field of PDF estimation issues in MIA for which much work has been devoted to finding improved estimators having their pros and cons, while little attempt has been made to identify whether existing classical methods can be practically improved or not according to the degree of freedom offered by hyperparameters (when available). We show that some ‘optimal’ estimation procedures following a problem-based approach rather than the systemic use of heuristics following an accuracy-based approach can make MIA more efficient and flexible and a practical guideline for tuning the hyperparameters involved in MIA should be designed. The results of this analysis allowed us defining a guideline based on a detailed comparison of MIA’s results across various simulations and real-world datasets (including publicly available ones such as DPA contest V2 and V4.1).
Similar content being viewed by others
Notes
Formally l(x) is a probability mass function (PMF) because X is discrete. To simplify notation, we use the generic acronym PDF.
To avoid over-fitting \(\theta \) in some cases, i.e. when leakage is embedded on higher-order statistical moment (not explored in [13]) leading to an incorrect key distinguishability.
References
TELECOM ParisTech SEN research group: DPA Contest. 2008–2014
Akaike, H.: Information theory and an extension of the Maximum Likelihood Principle. In: Petrov, B.N., Csaki, F. (eds.) Second International Symposium on Information Theory. Akadémiai Kiadom, Budapest (1973)
Aumonier, S.: Generalized correlation power analysis. In: ECRYPT Workshop on Tools For Cryptanalysis, Kraków, Poland (2007)
Barndorff-Nielsen, O.: Exponentially decreasing distributions for the logarithm of particle size. R. Soc. Lond. Proc. Ser. A 353, 401–419 (1977)
Batina, L., Gierlichs, B., Lemke-Rust, K.: Differential cluster analysis. In: Clavier, C., Gaj, K. (eds.) Cryptographic Hardware and Embedded Systems. Lecture notes in computer science, vol. 5747, pp. 112–127. Springer, Berline (2009)
Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24, 269–291 (2011)
Belgarric, P., Bruneau, N., Danger, J.-L., Debande, N., Guilley, S., Heuser, A., Najm, Z., Rioul, O., Bhasin, S.: Time-frequency analysis for second-order attacks. In: Aurélien, F., Pankaj, R. (eds.) Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Berlin, Germany, Nov 27–29, 2013, Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 108–122. Springer(2013)
Bevan, R., Knudsen, E.: Ways to enhance differential power analysis. In: Lee, P.J., Lim, C.H. (eds.) Information Security and Cryptology - 5th International Conference ICISC 2002, Seoul, Korea, Nov 28–29, 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2587, pp. 327–342. Springer (2002)
Bhasin, S., Carlet, C., Guilley, S.: Theory of masking with codewords in hardware: low-weight dth-order correlation-immune Boolean functions. IACR Cryptol. ePrint Arch. 2013, 303 (2013)
Bhasin, S., Danger, J., Guilley, S., Najm, Z.: Side-channel leakage and trace compression using normalized inter-class variance. In: Lee, R.B., Shi, W. (eds.) HASP, pp. 7:1–7:9. ACM, New York (2014)
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold Implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LCNS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems, vol. 3156, LNCS, pp. 16–29, Cambridge, MA, USA. Springer, Heidelberg (2004)
Carbone, M., Tiran, S., Ordas, S., Agoyan, M., Teglia, Y., Ducharme, G.R., Maurine, P.: On Adaptive Bandwidth Selection for Efficient MIA. In: COSADE (2014)
Coron, J., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007)
Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1, 123–144 (2011)
Freedman, D., Diaconis, P.: On the histogram as a density estimator:L2 theory. Probab. Theory Relat. Fields 57, 453–476 (1981)
Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis: a generic side-channel distinguisher. In: Oswald, E., Rohatgi, P. (eds) Cryptographic Hardware and Embedded Systems - 10th International Workshop, CHES 2008, Lecture Notes in Computer Science, vol. 5141, pp. 426–442 (2008)
Hansen, B.E.: Lecture Notes on Nonparametrics. Unpublished lecture notes (2009)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) Advances in Cryptology-CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19. Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer (1999)
Le, T.-H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) Advances in Information and Computer Security - 5th International Workshop on Security, IWSEC, Kobe, Japan, November 22–24. Proceedings. Lecture Notes in Computer Science, vol. 6434, pp. 285–300. Springer (2010)
Linge, Y., Dumas, C., Lambert-Lacroix, S.: Maximal Information Coefficient Analysis. Cryptology ePrint Archive, Report 2014/012, (2014)
Lomné, V., Prouff, E., Roche, T.: Behind the scene of side channel attacks. In: Sako, K., Sarkar, P. (eds) ASIACRYPT, vol. Kazue Sako and Palash Sarkar, LNCS, pp. 506–525. Springer (2013)
Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage squeezing countermeasure against high-order attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP. Lecture notes in computer science, pp. 208–223. Springer, New York (2011)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, vol. 31, 1st edn. Springer Publishing Company Incorporated, New York (2006)
Messerges, T.S.: Power Analysis Attacks and Countermeasures for Cryptographic Algorithms. PhD thesis, University of Illinois (2000)
Messerges, T.S., Dabbish, E.A.: Investigations of power analysis attacks on smartcards. In: Guthery, S. B., Honeyman, P. (eds.) Proceedings of the 1st Workshop on Smartcard Technology, Smartcard 1999, Chicago, Illinois, USA, May 10–11. USENIX Association (1999)
Moradi, A., Guilley, S., Heuser, A.: Detecting hidden leakages. In: ACNS, pp 324–342 (2014)
Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT. Lecture notes in computer science, vol. 6632, pp. 69–88. Springer, Berlin (2011)
Moradi, A., Wild, A.: Assessment of hiding the higher-order leakages in hardware-what are the achievements versus overheads? In: Güneysu, T.G., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems. LNCS, vol. 9293, pp. 453–474. Springer, Heidelberg (2015)
Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: DATE, pp. 1173–1178 (2012)
Oswald, D., Paar, C.: Improving side-channel analysis with optimal linear transforms. Proceedings of the 11th International Conference on Smart Card Research and Advanced Applications. CARDIS’12, pp. 219–233. Springer-Verlag, Berlin (2013)
Prouff, E., McEvoy, R.P.: First-order side-channel attacks on the permutation tables countermeasure—extended version. IACR Cryptol. ePrint Arch. 2010, 385 (2010)
Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. ACNS 2009. vol 5536, LNCS, pp. 499–518. France, Paris (2009)
Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. IJACT 2(2), 121–138 (2010)
Reparaz, O., Gierlichs, B., Verbauwhede, I.: Generic DPA attacks: curse or blessing? In: Prouff, E.(ed.) Constructive Side-Channel Analysis and Secure Design - 5th International Workshop, COSADE 2014, Paris, France, Apr 13–15, 2014. Revised Selected Papers, vol. 8622, pp. 98–111. Springer (2014)
Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Cryptographic Hardware and Embedded Systems, vol. 3659, Lecture Notes Computer Science, pp. 30–46. Springer (2005)
Schneider, T., Moradi, A.: Leakage assessment methodology-a clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems. LNCS, vol. 9293, pp. 495–513. Springer, New York (2015)
Schneider, T., Moradi, A., Güneysu, T.: Robust and one-pass parallel computation of correlation-based attacks at arbitrary order. IACR Cryptol. ePrint Arch. 2015, 571 (2015)
Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA. Lecture notes in computer science, vol. 3860. Springer, Berline (2006)
Scott, D.W.: On optimal and data-based histograms. Biometrika 66, 605–610 (1979)
Scott, D.W.: Multivariate Density Estimation: Theory. Practice and Visualization. Wiley, New York (1992)
Silverman, B.: Density Estimation for Statistics and Data Analysis, p. 48. Chapman & Hall/CRC, London (1998)
Standaert, F.-X., Gierlichs, B., Verbauwhede, I.: Partition vs comparison side-channel distinguishers: an empirical evaluation of statistical tests for univariate side-channel attacks against two unprotected CMOS devices. In: Lee, P.J., Cheon, J.H. (eds.) Information Security and Cryptology - ICISC 2008, 11th International Conference, Seoul, Korea, December 3–5, 2008, Revised Selected Papers. Lecture Notes in Computer Science, vol. 5461, pp. 253–267. Springer (2008)
Standaert, F.-X., Malkin, T.G., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. Proceedings of the 28th Annual International Conference on Advances in Cryptology: The Theory and Applications of Cryptographic Techniques. EUROCRYPT ’09, pp. 443–461. Springer-Verlag, Berlin (2009)
Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: how, when and why? In: Cryptographic Hardware and Embedded Systems, vol. 5747, LNCS, pp. 429–443, Lausanne, Switzerland (2009)
Tiran, S., Ordas, S., Teglia, Y., Agoyan, M., Maurine, P.: A model of the leakage in the frequency domain and its application to CPA and DPA. J. Cryptogr. Eng. 4(3), 197–212 (2014)
Tiran, S., Reymond, G., Rigaud, J., Aboulkassimi, D., Gierlichs, B., Carbone, M., Ducharme, G.R., Maurine, P.: Analysis of variance and CPA in SCA. IACR Cryptol. ePrint Arch. 2014, 707 (2014)
Venelli, A.: Efficient entropy estimation for mutual information analysis using B-splines. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices, 4th IFIP WG 11.2 International Workshop, WISTP 2010, Passau, Germany, Apr 12–14, 2010. Proceedings. Lecture Notes in Computer Science,vol. 6033, pp. 17–30. Springer (2010)
Veyrat-Charvillon, N., Standaert, F.-X.: Generic side-channel distinguishers: Improvements and limitations. In: CRYPTO 2011, vol. 6841, LNCS, pp 354–372. Cryptology ePrint Archive, Report 2011/149 (2011)
Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)
Whitnall, C., Oswald, E., Standaert, F.-X.: The myth of generic DPA...and the magic of learning. In: Benaloh, J. (ed.) Topics in Cryptology - CT-RSA 2014 - The Cryptographer’s Track at the RSA Conference 2014, San Francisco, CA, USA, Feb 25–28, 2014. Proceedings. Lecture Notes in Computer Science, vol. 8366, pp. 183–205. Springer (2014)
Ye, X., Eisenbarth, T.: On the vulnerability of low entropy masking schemes. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Berlin, Germany, Nov 27–29, 2013. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 44–60. Springer (2014)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Carbone, M., Teglia, Y., Ducharme, G.R. et al. Mutual information analysis: higher-order statistical moments, efficiency and efficacy. J Cryptogr Eng 7, 1–17 (2017). https://doi.org/10.1007/s13389-016-0123-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-016-0123-8