Mutual Information Analysis: How, When and Why?
The Mutual Information Analysis (MIA) is a generic side-channel distinguisher that has been introduced at CHES 2008. This paper brings three contributions with respect to its applicability to practice. First, we emphasize that the MIA principle can be seen as a toolbox in which different (more or less effective) statistical methods can be plugged in. Doing this, we introduce interesting alternatives to the original proposal. Second, we discuss the contexts in which the MIA can lead to successful key recoveries with lower data complexity than classical attacks such as, e.g. using Pearson’s correlation coefficient. We show that such contexts exist in practically meaningful situations and analyze them statistically. Finally, we study the connections and differences between the MIA and a framework for the analysis of side-channel key recovery published at Eurocrypt 2009. We show that the MIA can be used to compare two leaking devices only if the discrete models used by an adversary to mount an attack perfectly correspond to the physical leakages.
- 3.Aumonier, S.: Generalized correlation power analysis. In: Ecrypt Workshop on Tools For Cryptanalysis. Krakòw, Poland (September 2007)Google Scholar
- 4.Bickel, P., Levina, E.: The earth’s mover’s distance is the mallows distance: some insights from statistics. In: Computer Vision 2001, vol. 2, pp. 251–256 (2001)Google Scholar
- 8.Csiszár, I.: Information-type measures of difference of probability distributions and indirect observation. Studia Sci. Math. Hungar. 2, 229–318 (1967)Google Scholar
- 10.DPA Contest 2008/2009, http://www.dpacontest.org/
- 13.Härdle, W.: Smoothing Techniques: With Implementation in S. Springer Series in Statistics (December 1990)Google Scholar
- 15.Lemke, K., Paar, C.: Gaussian mixture models for higher-order side channel analysis. In: Nejdl, W., Tochtermann, K. (eds.) EC-TEL 2006. LNCS, vol. 4227, pp. 14–27. Springer, Heidelberg (2006)Google Scholar
- 19.Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 499–518. Springer, Heidelberg (2009)Google Scholar
- 22.Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks (extended version). Cryptology ePrint Archive, Report 2006/139 (2006), http://eprint.iacr.org/
- 23.Turlach, B.A.: Bandwidth selection in kernel density estimation: a review. In: CORE and Institut de Statistique (1993)Google Scholar