The Myth of Generic DPA…and the Magic of Learning

  • Carolyn Whitnall
  • Elisabeth Oswald
  • François-Xavier Standaert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8366)

Abstract

A generic DPA strategy is one which is able to recover secret information from physically observable device leakage without any a priori knowledge about the device’s leakage characteristics. Here we provide much-needed clarification on results emerging from the existing literature, demonstrating precisely that such methods (strictly defined) are inherently restricted to a very limited selection of target functions. Continuing to search related techniques for a ‘silver bullet’ generic attack appears a bootless errand. However, we find that a minor relaxation of the strict definition—the incorporation of some minimal non-device-specific intuition—produces scope for generic-emulating strategies, able to succeed against a far wider range of targets. We present stepwise regression as an example of such a strategy and demonstrate its effectiveness in a variety of scenarios. We also give some evidence that its practical performance matches that of ‘best bit’ DoM attacks, which we take as a further indication of the need to perform profiled attacks in the context of device evaluations.
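The generic-emulating idea the abstract describes, as an added illustration that is not the paper's own code: a stepwise-regression distinguisher that assumes only that leakage is roughly linear in the bits of the targeted intermediate, run on constructed, simulated traces. The 4-bit cubic permutation standing in for the S-box, the leakage weights, the noise level, the stopping tolerance and all function names are assumptions made for this example.

```python
import random
NBITS = 4
# Constructed target: x -> x^3 mod (2^NBITS + 1) is a nonlinear permutation of
# 0..2^NBITS-1 when the modulus is prime (17 here; 257 for an 8-bit target).
SBOX = [pow(x, 3, 2 ** NBITS + 1) for x in range(2 ** NBITS)]

def bits(v):  # bit decomposition of an intermediate value, used as covariates
    return [float((v >> i) & 1) for i in range(NBITS)]

def rss(X, y):  # residual sum of squares of the least-squares fit y ~ X
    p = len(X[0])  # normal equations (X^T X) b = X^T y, augmented with X^T y
    A = [[sum(r[i] * r[j] for r in X) for j in range(p)]
         + [sum(r[i] * yi for r, yi in zip(X, y))] for i in range(p)]
    for i in range(p):  # Gauss-Jordan elimination with partial pivoting
        piv = max(range(i, p), key=lambda r: abs(A[r][i]))
        A[i], A[piv] = A[piv], A[i]
        if abs(A[i][i]) < 1e-12: return float("inf")  # degenerate design
        for k in [k for k in range(p) if k != i]:
            f = A[k][i] / A[i][i]
            A[k] = [a - f * b for a, b in zip(A[k], A[i])]
    return sum((yi - sum(A[k][p] / A[k][k] * row[k] for k in range(p))) ** 2
               for row, yi in zip(X, y))

def stepwise_r2(covs, y, tol=0.02):
    """Forward stepwise selection: add the bit that most reduces the RSS until
    the gain drops below tol * TSS; return R^2 (the score) and the chosen bits."""
    mean = sum(y) / len(y)
    tss = sum((v - mean) ** 2 for v in y)
    X, chosen, cur = [[1.0] for _ in y], [], tss
    while len(chosen) < NBITS:
        r, j = min((rss([row + [c[j]] for row, c in zip(X, covs)], y), j)
                   for j in range(NBITS) if j not in chosen)
        if cur - r < tol * tss: break  # remaining bits add too little
        X, cur = [row + [c[j]] for row, c in zip(X, covs)], r
        chosen.append(j)
    return 1 - cur / tss, chosen

def simulate(key, n, weights, sigma, seed=7):
    # Constructed traces: non-Hamming-weight linear leakage of S-box bits + noise
    rng = random.Random(seed)
    pts = [rng.randrange(2 ** NBITS) for _ in range(n)]
    leak = [sum(w * b for w, b in zip(weights, bits(SBOX[p ^ key])))
            + rng.gauss(0, sigma) for p in pts]
    return pts, leak

def distinguish(pts, leak):
    # Score each key hypothesis by its stepwise R^2; no device profile is used
    scores = {k: stepwise_r2([bits(SBOX[p ^ k]) for p in pts], leak)[0]
              for k in range(2 ** NBITS)}
    return max(scores, key=scores.get), scores
```

With unequal, unknown bit weights the correct hypothesis still produces the best fit, which is the point the abstract makes about relaxing the strict definition of "generic"; changing the weights or NBITS lets an evaluator see how the margin behaves.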

Keywords

side-channel analysis; differential power analysis

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Carolyn Whitnall (1)
  • Elisabeth Oswald (1)
  • François-Xavier Standaert (2)
  1. Department of Computer Science, University of Bristol, Bristol, UK
  2. UCL Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium