Skip to main content

Higher-Order DCA against Standard Side-Channel Countermeasures

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11421)

Abstract

At CHES 2016, Bos et al. introduced differential computational analysis (DCA) as an attack on white-box software implementations of block ciphers. This attack builds on the same principles as DPA in the classical side-channel context, but uses computational traces consisting of plain values computed by the implementation during execution. It was shown to be able to recover the key of many existing AES white-box implementations.

The DCA adversary is passive, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. It is therefore important to develop implementations which are resistant to this attack. We investigate the approach of applying standard side-channel countermeasures such as masking and shuffling. Under some necessary conditions on the underlying randomness generation, we show that these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce higher-order DCA, along with an enhanced multivariate version, and analyze the security of the countermeasures against these attacks. We derive analytic expressions for the complexity of the attacks – backed up through extensive attack experiments – enabling a designer to quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting.

Keywords

  • White-box cryptography
  • Higher-order DCA
  • Masking
  • Shuffling

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-16350-1_8
  • Chapter length: 24 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-16350-1
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   79.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.

Notes

  1. 1.

    Following the DCA setting described in Sect. 2.1, the only impact of the countermeasures in presence of a known PRNG is to change the deterministic function \(\varphi \) in the expression of the secret variable s.

  2. 2.

    In practice, the adversary could exhaustively search the correct location of the \((\lambda \cdot d)\)-length subtrace in the full computation trace of length \(t_{\mathsf {full}}\), which increases the complexity at most \(t_{\mathsf {full}}\) times.

  3. 3.

    Most of the time we have \(\varphi (X,k^*) \ne 0\) so that the pairs \((j,j')\) with \(W_j \oplus W_{j'} = \varphi (X,k^*)\) are such that \(W_j \ne W_{j'}\) with high probability. In that case \(\delta (W_j, \varphi (X,k)) = 1\) implies \(\delta (W_{j'}, \varphi (X,k)) = 0\) and conversely which yields a negative covariance.

References

  1. CHES 2017 Capture the Flag Challenge - The WhibOx Contest, An ECRYPT White-Box Cryptography Competition. https://whibox.cr.yp.to/. Accessed Oct 2017

  2. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16

    CrossRef  Google Scholar 

  3. Biryukov, A., Udovenko, A.: Attacks and countermeasures for white-box designs. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 373–402. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_13

    CrossRef  Google Scholar 

  4. Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_11

    CrossRef  Google Scholar 

  5. Bringer, J., Chabanne, H., Dottax, E.: Perturbing and protecting a traceable block cipher. In: Leitold, H., Markatos, E.P. (eds.) CMS 2006. LNCS, vol. 4237, pp. 109–119. Springer, Heidelberg (2006). https://doi.org/10.1007/11909033_10

    CrossRef  Google Scholar 

  6. Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. IACR Cryptology ePrint Archive 2006, 468 (2006)

    Google Scholar 

  7. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_26

    CrossRef  Google Scholar 

  8. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3

    CrossRef  Google Scholar 

  9. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_1

    CrossRef  Google Scholar 

  10. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17

    CrossRef  MATH  Google Scholar 

  11. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_25

    CrossRef  Google Scholar 

  12. Coron, J.-S., Kizhvatov, I.: Analysis and improvement of the random delay countermeasure of CHES 2009. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 95–109. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_7

    CrossRef  MATH  Google Scholar 

  13. Coron, J.-S., Prouff, E., Rivain, M., Roche, T.: Higher-order side channel security and mask refreshing. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 410–424. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_21

    CrossRef  Google Scholar 

  14. Fisher, R.A., Yates, F., et al.: Statistical tables for biological, agricultural and medical research. Statistical tables for biological, agricultural and medical research (1938)

    Google Scholar 

  15. Goubin, L., Paillier, P., Rivain, M., Wang, J.: How to reveal the secrets of an obscure white-box implementation. Cryptology ePrint Archive, Report 2018/098 (2018). https://eprint.iacr.org/2018/098

  16. Goubin, L., Patarin, J.: DES and differential power analysis the “Duplication” method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_15

    CrossRef  MATH  Google Scholar 

  17. Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24209-0_19

    CrossRef  Google Scholar 

  18. Kerckhoffs, A.: La cryptographic militaire. J. Sci. Mil. IX, 5–38 (1883). https://www.petitcolas.net/kerckhoffs/crypto_militaire_1.pdf

  19. Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_14

    CrossRef  Google Scholar 

  20. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing Thesecrets of Smart Cards. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-38162-6

    CrossRef  MATH  Google Scholar 

  21. Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_27

    CrossRef  Google Scholar 

  22. De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao – Lai white-box AES implementation. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_3

    CrossRef  Google Scholar 

  23. De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_21

    CrossRef  Google Scholar 

  24. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_28

    CrossRef  Google Scholar 

  25. Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_13

    CrossRef  MATH  Google Scholar 

  26. Strobel, D., Paar, C.: An efficient method for eliminating random delays in power traces of embedded software. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 48–60. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31912-9_4

    CrossRef  Google Scholar 

  27. Tolhuizen, L.: Improved cryptanalysis of an AES implementation. In: Proceedings of the 33rd WIC Symposium on Information Theory, 2012. WIC (Werkgemeenschap voor Inform.-en Communicatietheorie) (2012)

    Google Scholar 

  28. Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_44

    CrossRef  Google Scholar 

  29. Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: Computer Science and its Applications, CSA 2009, pp. 1–6. IEEE (2009)

    Google Scholar 

Download references

Acknowledgment

The fourth author was supported by European Union’s Horizon 2020 research and innovation program under the Marie Skłodowska-Curie grant agreement No. 643161.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Junwei Wang .

Editor information

Editors and Affiliations

Appendices

A Success Probability of Higher-Order DCA (Proof of Theorem 1)

Consider a specific value \(w_j\) of the higher-order trace \(\varvec{w}\). Denote by \(\mathcal {A}\) the event that \(w_j\) corresponds to the combination of the correct shares. The probability of \(\mathcal {A}\) occurring, i.e. of choosing the correct d shares out of the t elements of the original computational trace \(\varvec{v}\), is \(p = \left( {\begin{array}{c}t\\ d\end{array}}\right) ^{-1}\).

Fix some plaintext and the corresponding trace. By the law of total probability, the probability that a value \(w_j\) of the d’th order trace is equal to a prediction \(s=\varphi (x,k)\) for some key guess k is

$$\begin{aligned} \Pr (w_j = s) = \Pr (w_j=s | \mathcal {A})\cdot \Pr (\mathcal {A})+ \Pr (w_j=s | \lnot \mathcal {A})\cdot \Pr (\lnot \mathcal {A}). \end{aligned}$$

For a wrong key guess, \(k^\times \ne k^*\), \(\Pr (w_j=s^{\times } | \mathcal {A}) = 0\), while for a right key guess \(\Pr (w_j=s^{*} | \mathcal {A}) = 1\). In both cases, we have \(\Pr (w_j=s | \lnot \mathcal {A}) = 1/|\mathcal {K}|\). In total:

$$\begin{aligned} p^\times&= \Pr (w_j = s^{\times }) = (1-p) / |\mathcal {K}|, \\ p^*&= \Pr (w_j = s^{*}) = p + (1-p) / |\mathcal {K}|. \end{aligned}$$

Thus, for N traces,

$$\begin{aligned} C_{k^\times }(\varvec{v}_{\phi (j)},(x_i)_i) \sim \text {Bin}(N,p^\times ) \end{aligned}$$

for a wrong key guess, and

$$\begin{aligned} C_{k^*}(\varvec{v}_{\phi (j)},(x_i)_i) \sim \text {Bin}(N,p^*) \end{aligned}$$

for a right key guess. Note that \(|\varvec{w}| = \left( {\begin{array}{c}t\\ d\end{array}}\right) \). Let \(X_1,\ldots ,X_{|\varvec{w}|}\) be distributed as \(\text {Bin}(N,p^{\times })\). Then \(\gamma _{k^\times } \sim \max X_i\), and we denote the CDF by \(F^\times _\text {max}(x)\). If the \(X_i\) were independent, we would have

$$\begin{aligned} F^{\times }_\text {max}(x)&= F(x;N,p^\times )^{\left( {\begin{array}{c}t\\ d\end{array}}\right) }. \end{aligned}$$

While the \(X_i\) are pairwise independent, they are not mutually independent. However, we find that in practice, the dependence is so weak that \(\gamma _{k^\times }\) approximately has CDF \(F_{\max }^\times \), even for small values of \(|\varvec{w}|\) and N. We define \(F^{*}_\text {max}(x)\) similarly.

The attack is successful if \(\gamma _{k^*} > \gamma _{k^\times }\) for all \(k^\times \). As there are \(|\mathcal {K}|-1\) wrong keys, and all \(\gamma _{k^\times }\) are independent and identically distributed, we have \(p_\text {succ} = \Pr ( \gamma _{k^*} > \gamma _{k^\times } ) ^ {|\mathcal {K}|-1}\), where

$$\begin{aligned} \Pr ( \gamma _{k^*} > \gamma _{k^\times } ) = \sum _{i=0}^N (F^*_\text {max}(i) - F^*_\text {max}(i-1)) \cdot F^{\times }_\text {max}(i-1). \end{aligned}$$

which concludes the proof.

B Proof of Proposition 1

Proof

By applying the Bayes’ rule, one gets (we skip random variables for the sake of clarity):

$$\begin{aligned} \Pr \big (k \mid (\varvec{v}_i)_i \wedge (x_i)_i \big ) = \frac{\Pr \big ((\varvec{v}_i)_i \mid k \wedge (x_i)_i \big ) \cdot \Pr \big (k \wedge (x_i)_i\big )}{\Pr \big ( (\varvec{v}_i)_i \wedge (x_i)_i\big )} \end{aligned}$$
(3)

By mutual independence of the \(X_i\)’s and K, we have \(\Pr \big (k \wedge (x_i)_i\big ) = \frac{1}{|\mathcal {K}|}\big (\frac{1}{|\mathcal {X}|}\big )^N\) for every \(k \in \mathcal {K}\). Moreover, \(\Pr \big ( (\varvec{v}_i)_i \wedge (x_i)_i\big )\) is constant with respect to k. We hence get

$$\begin{aligned} \Pr \big (k \mid (\varvec{v}_i)_i \wedge (x_i)_i \big ) \propto \Pr \big ((\varvec{v}_i)_i \mid k \wedge (x_i)_i \big ). \end{aligned}$$
(4)

By mutual independence of the \(\varvec{V}_i\)’s and the \(X_i\)’s we further deduce

$$\begin{aligned} \Pr \big ((\varvec{v}_i)_i \mid k \wedge (x_i)_i \big ) = \prod _{i=1}^N \Pr (\varvec{v}_i \mid k \wedge x_i). \end{aligned}$$
(5)

For the sake of simplicity we skip the index i in the following. By the law of total probability, we have

$$\begin{aligned} \Pr (\varvec{v}\mid k \wedge x) \, = \sum _{\phi (j)} \Pr (\mathcal {S}_{\phi (j)}) \cdot \Pr (\varvec{v}\mid k \wedge x \wedge \mathcal {S}_{\phi (j)}), \end{aligned}$$
(6)

where \(\mathcal {S}_{\phi (j)}\) denotes the event that the set \(\phi (j)\) is selected for the sharing of \(\varphi (X,K)\). By definition, we have

$$\begin{aligned} \Pr (\mathcal {S}_{\phi (j)}) = \frac{1}{\left( {\begin{array}{c}t\\ d\end{array}}\right) } \end{aligned}$$
(7)

and

$$\begin{aligned} \Pr (\varvec{v}\mid k \wedge x \wedge \mathcal {S}_{\phi (j)}) = {\left\{ \begin{array}{ll} \big (\frac{1}{|\mathcal {V}|}\big )^{t-1} &{} \text {if} \bigoplus \nolimits _{l\in \phi (j)} v_l = \varphi (x,k) \\ 0 &{} \text {otherwise} \end{array}\right. } \end{aligned}$$
(8)

which finally gives

$$\begin{aligned} \Pr (\varvec{v}\mid k \wedge x) \propto C_k(\varvec{v},x) ~. \end{aligned}$$
(9)

C Probability of the Zero-Counter Event (Proof of Lemma 1)

We first define \(\mathcal {Z}_k\) as the zero-counter event for key k for a single computational trace \(\varvec{V}\). Formally,

The zero-counter event \(\mathcal {Z}_{k}\) occurs if and only if none of the \(q = \left( {\begin{array}{c}t\\ d\end{array}}\right) \) combinations \(\bigoplus _{i\in \phi (j)} V_i\) match the predicted value \(\varphi (X,k)\). As discussed, \(\mathcal {Z}_{k^*}\) never occurs for the correct key guess \(k^*\). For the incorrect key guess \(k^{\times }\), intuitively, the zero-counter probability \(\Pr (\mathcal {Z}_{k^{\times }})\) should quickly become negligible as the number of combinations q grows. While all q combinations are not strictly independent, we can approximate the probability of \(\mathcal {Z}_{k^{\times }}\) by:

$$\begin{aligned} \Pr (\mathcal {Z}_{k^{\times }}) \approx \Big (1 - \frac{1}{|\mathcal {V}|} \Big )^q. \end{aligned}$$
(10)

We verified this approximation by estimating the zero-counter probability over some sampled computation traces. As illustrated it Table 3, the obtained estimations match the approximation pretty well.

Table 3. Approximation and estimation of the zero-counter probability.

Then, by definition, the zero-counter event for N traces is the union

$$\begin{aligned} \mathcal {U}_{k} = \mathcal {Z}_k^{(1)} \vee \mathcal {Z}_k^{(2)} \vee \cdots \vee \mathcal {Z}_k^{(N)}, \end{aligned}$$

where \(\mathcal {Z}_k^{(i)}\) denotes the zero-counter event for k on trace \(\varvec{V}_i\). Taking the negation we obtain \(\lnot \, \mathcal {U}_{k^{\times }} = (\lnot \mathcal {Z}_k^{(1)}) \wedge (\lnot \mathcal {Z}_k^{(2)}) \wedge \cdots \wedge (\lnot \mathcal {Z}_k^{(N)})\), and since the zero events \(\mathcal {Z}_{k^{\times }}^{(i)}\) are mutually independent, we get

$$\begin{aligned} \Pr (\mathcal {U}_{k^{\times }}) = 1 - \prod _{i=1}^N \Pr (\lnot \mathcal {Z}_{k^{\times }}^{(i)}) = 1 - \big (1 - \Pr (\mathcal {Z}_{k^{\times }})\big )^N. \end{aligned}$$

This finishes the proof of Lemma 1.

D Success Probability with No Zero Counters (Proof of Lemma 2)

If the zero counter event does not occur, we can think of each trace \(\varvec{V}_i\) as a random variable uniformly distributed over \(\mathcal {V}^t\). Since the public input \(X_i\) is also random, the counters \(C_{k}(\varvec{V},X)\) follow some probability distribution. In order to prove Lemma 2, we first prove the following result regarding these distributions.

Lemma 3

Let \(k^*\) and \(k^\times \) be a right and wrong key guess. Let \(q=\left( {\begin{array}{c}t\\ d\end{array}}\right) \) and \(\kappa = (q-1)\frac{1}{|\mathcal {V}|}\). Then for a trace of length t and a d’th-order attack,

$$\begin{aligned} C_{k^*}(\varvec{V},X) \sim \mathcal {N}(\kappa +1 , \kappa ) ~~~ \text {and} ~~~ C_{k^\times }(\varvec{V},X) \sim \mathcal {N}(\kappa , \kappa ), \end{aligned}$$

where \(\mathcal {N}(\mu , \sigma ^2 )\) denotes the normal distribution with mean \(\mu \) and variance \(\sigma ^2\).

Proof

Let \(\delta : \mathcal {V}^2 \rightarrow \{0,1\}\) be the function defined as

$$\begin{aligned} \delta (v_1,v_2) = {\left\{ \begin{array}{ll} 1 &{} \text {if }v_1=v_2,\\ 0 &{} \text {otherwise}. \end{array}\right. } \end{aligned}$$

The counter \(C_{k}(\varvec{V},X)\) can be rewritten as a sum \(C_{k}(\varvec{V},X) = \sum _{j=1}^q\) \(\delta (W_j, \varphi (X,k))\), where the variables \((W_j)_j\) are defined as the \(q = \left( {\begin{array}{c}t\\ d\end{array}}\right) \) combinations \(\bigoplus _{i\in \phi (j)} V_i\). We recall that for one index j we have \(W_j = \varphi (X,k^*)\), whereas for the other indices the \(W_j\) are randomly distributed independently of X. The counter expectation then satisfies

$$\begin{aligned} \mathrm {E}\big (C_{k}(\varvec{V},X)\big ) = \sum _{j=1}^q \mathrm {E}\big (\delta (W_j, \varphi (X,k))\big ) = {\left\{ \begin{array}{ll} (q-1) \frac{1}{|\mathcal {V}|} &{}\text {if } k \ne k^*, \\ (q-1) \frac{1}{|\mathcal {V}|} +1 &{}\text {if } k = k^*. \\ \end{array}\right. } \end{aligned}$$

On the other hand, the counter variance can be expressed as:

$$\begin{aligned} \mathrm {Var}\big (C_{k}(\varvec{V},X)\big )&= \sum _{j=1}^q \mathrm {Var}\big (\delta (W_j, \varphi (X,k)) \big ) \\&+ 2 \sum _{1\le j < j' \le q} \mathrm {Cov}\big (\delta (W_j, \varphi (X,k)), \delta (W_{j'}, \varphi (X,k)) \big ). \end{aligned}$$

It can be checked that the covariances will be equal to 0 most of the time. Indeed, the covariances are non-zero only when \(W_j \oplus W_{j'} = \varphi (X,k^*)\), which never happens when d is odd and which happens for few pairs \((j,j')\) when d is even. Therefore these covariance terms will only have a small impact on the overall variance. Moreover, it can be checked that this impact is negative, i.e. it reduces the variance.Footnote 3 Therefore we will ignore the sum of covariances, which yields a correct result when d is odd and a slight overestimation when d is even. We then have

$$\begin{aligned} \mathrm {Var}\big (\delta (W_j, \varphi (X,k)) \big ) = {\left\{ \begin{array}{ll} \frac{1}{|\mathcal {V}|} \big (1-\frac{1}{|\mathcal {V}|}\big ) &{}\text {if } j \ne j^*, \\ 0 &{}\text {if } j = j^*, \\ \end{array}\right. } \end{aligned}$$

where \(j^*\) denotes the index of the right combination matching \(\varphi (X,k^*)\). Combining the two above equations gives:

$$\begin{aligned} \mathrm {Var}\big (C_{k}(\varvec{V},X)\big ) = (q-1)\frac{1}{|\mathcal {V}|} \Big (1-\frac{1}{|\mathcal {V}|}\Big ) \approx (q-1)\frac{1}{|\mathcal {V}|}. \end{aligned}$$

Since the counter is defined as a sum of somewhat independent random variables, we can soundly approximate its distribution by a Gaussian, and setting \(\kappa = (q-1)\frac{1}{|\mathcal {V}|}\) concludes the proof.    \(\square \)

In the above proof, we use that the \(\delta (W_j, \varphi (X,k))\) are somewhat independent. By somewhat independent we mean that these variables are pairwise independent (for most or all of them, as discussed). Note that variants of the central limit theorem exist that take some form of dependence between the summed variables into account. We have experimentally verified that the Gaussian approximation is sound for various parameters (td).

Using Lemma 3, we can now prove Lemma 2. Following Remark 1, we will focus on the log-likelihood, i.e. we consider

$$\begin{aligned} \Pr (\ell _{k^*}> \ell _{k^\times } \mid \lnot \,\mathcal {U}_{k^\times })&= \Pr \big (\log \ell _{k^*} - \log \ell _{k^{\times }} > 0 \mid \lnot \,\mathcal {U}_{k^\times } \big ), \\ \log \ell _{k^*} - \log \ell _{k^{\times }}&= \sum _{i=1}^N \underbrace{\log {C_{k^*}(\varvec{V}_i,X_i)} - \log {C_{k^\times }(\varvec{V}_i,X_i)}}_{Y_i}. \end{aligned}$$

As introduced above, we denote by \(Y_i\) the difference between the log-counters for the trace \(\varvec{V}_i\). Since the \(Y_i\) are mutually independent and identically distributed, the central limit theorem implies that, for N sufficiently large,

$$\begin{aligned} \frac{1}{N} (\log \ell _{k^*} - \log \ell _{k^{\times }}) \sim \mathcal {N}\big (\mu _{Y}, \sigma _Y^2 N^{-1}\big ) ~~~ \text {with}~~ {\left\{ \begin{array}{ll} \mu _Y = \mathrm {E}(Y), \\ \sigma ^2_Y = \mathrm {Var}(Y), \end{array}\right. } \end{aligned}$$

for \(Y = \log {C_{k^*}(\varvec{V},X)} - \log {C_{k^\times }(\varvec{V},X)}\). Thus

$$\begin{aligned} \Pr (\ell _{k^*} > \ell _{k^\times } \mid \lnot \,\mathcal {U}_{k^\times }) = 1 - \varPhi _{\mu _Y, {\sigma ^2_Y}/N}(0) = \frac{1}{2} + \frac{1}{2} \mathrm {erf} \Big ( \frac{\sqrt{N} \,\mu _Y}{\sqrt{2} \, \sigma _Y}\Big ), \end{aligned}$$
(11)

where \(\varPhi _{\mu ,\sigma }\) is the CDF of \(\mathcal {N}(\mu ,\sigma ^2)\). By the heuristic assumption that \(C_{k^*}(\varvec{V},X)\) and \(C_{k^\times }(\varvec{V},X)\) are mutually independent, and using the Taylor expansion of the logarithm at , as well as Lemma 3, we have

$$\begin{aligned} \mu _Y \approx \log (\kappa +1) - \frac{\kappa }{2 (\kappa +1)^2} - \log \kappa + \frac{\kappa }{2 \kappa ^2} \approx \frac{1}{\kappa }, \quad \text {and} \quad \sigma ^2_Y \approx 2 \frac{\kappa }{\kappa ^2} = \frac{2}{\kappa }, \end{aligned}$$

where the approximation of the mean is sound if \(\kappa \) is large enough (e.g. \(\kappa > 10\)). Inserting these approximations into Eq. 11, remembering that \(\kappa = (q-1)\frac{1}{|\mathcal {V}|} \approx \frac{q}{|\mathcal {V}|}\), finishes the proof.

Rights and permissions

Reprints and Permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Bogdanov, A., Rivain, M., Vejre, P.S., Wang, J. (2019). Higher-Order DCA against Standard Side-Channel Countermeasures. In: Polian, I., Stöttinger, M. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2019. Lecture Notes in Computer Science(), vol 11421. Springer, Cham. https://doi.org/10.1007/978-3-030-16350-1_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-16350-1_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-16349-5

  • Online ISBN: 978-3-030-16350-1

  • eBook Packages: Computer ScienceComputer Science (R0)