Information Theoretic Comparison of Side-Channel Distinguishers: Inter-class Distance, Confusion, and Success

Trusted Computing for Embedded Systems

Abstract

Different side-channel distinguishers have different efficiencies. Comparing them fairly is difficult because many factors come into play, in particular their intrinsic statistical properties and the quality of their estimation.

In this work, we first evaluate two related information-theoretic distinguishers: mutual information analysis (MIA) and inter-class information analysis (IIA). The latter requires the same underlying probability distributions but uses a different comparison strategy. These distinguishers are not only interesting in their own right and suitable for a mathematical study; they also provide an example where the theoretical and the empirical evaluation frameworks agree. IIA was found to distinguish better than MIA in theory as well as in practice.

Moreover, we develop a new metric, called the success metric, which captures the relevant parameters of the success rate while providing more feedback about the distinguishing power. We additionally state closed-form expressions of the theoretical success metric for additive distinguishers such as CPA and DPA, and highlight that these expressions are much more convenient than those for the theoretical success rate. In the case of a low signal-to-noise ratio (a realistic practical condition), we derive the conditions on the cipher's substitution boxes (S-boxes) that minimize the success metric (and hence the success rate). This result supersedes a previous characterization of S-boxes known as the transparency order, which is derived from a metric on a distinguisher rather than from a success metric or success rate. Moreover, we are also able to formulate a closed-form expression for MIA, which has not been shown before.
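The abstract contrasts an additive distinguisher (CPA, a sum over traces) with an information-theoretic one (MIA, an estimate of I(L; M_k) from the empirical distributions). The script below is an added illustration written for this page; it is not code from the chapter or its authors. It constructs its own traces (Hamming weight of the AES S-box output for one key byte plus Gaussian noise; key byte 0x2B, sigma, trace count, bin count and seed are all editorial choices), runs both distinguishers over all 256 key hypotheses, and reports the rank of the true key together with a nearest-rival margin normalised by the spread of the distinguisher vector, which is the form of the relative distinguishing margin assumed here after [41]. The S-box is built with the usual GF(2^8) inverse plus affine map so that no lookup table needs to be pasted in.

```python
"""Simulated CPA vs. MIA key recovery on one AES S-box output byte.

Added illustration, not code from the chapter. All traces are constructed
here: HW(Sbox(p XOR key)) + Gaussian noise, with an assumed key byte 0x2B.
"""
import math
import random
from collections import Counter, defaultdict


def aes_sbox():
    """Build the AES S-box: GF(2^8) inverse followed by the affine map."""
    def rotl8(x, s):
        return ((x << s) | (x >> (8 - s))) & 0xFF
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight leakage model


def simulate_traces(n, key, sigma, seed):
    """Constructed leakage: one noisy Hamming-weight sample per random plaintext byte."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n)]
    traces = [HW[SBOX[p ^ key]] + rng.gauss(0.0, sigma) for p in pts]
    return pts, traces


def cpa(pts, traces):
    """Additive distinguisher: Pearson correlation between traces and each key model."""
    n = len(traces)
    mean_l = sum(traces) / n
    var_l = sum((l - mean_l) ** 2 for l in traces)
    scores = []
    for k in range(256):
        model = [HW[SBOX[p ^ k]] for p in pts]
        mean_m = sum(model) / n
        cov = sum((m - mean_m) * (l - mean_l) for m, l in zip(model, traces))
        var_m = sum((m - mean_m) ** 2 for m in model)
        scores.append(cov / math.sqrt(var_m * var_l))
    return scores


def entropy(counts):
    """Shannon entropy (bits) of an empirical histogram."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def mia(pts, traces, n_bins=12):
    """Information-theoretic distinguisher: I(L; M_k) = H(L) - H(L | M_k), histogram estimate."""
    lo, hi = min(traces), max(traces)
    width = (hi - lo) / n_bins
    bins = [min(int((l - lo) / width), n_bins - 1) for l in traces]
    h_l = entropy(Counter(bins))
    n = len(traces)
    scores = []
    for k in range(256):
        per_class = defaultdict(Counter)          # histogram of L for each model value
        for p, b in zip(pts, bins):
            per_class[HW[SBOX[p ^ k]]][b] += 1
        h_l_given_m = sum(sum(c.values()) / n * entropy(c) for c in per_class.values())
        scores.append(h_l - h_l_given_m)
    return scores


def key_rank(scores, key):
    """Number of hypotheses scoring above the true key (0 means the key is recovered)."""
    return sum(1 for s in scores if s > scores[key])


def relative_margin(scores, key):
    """Nearest-rival margin divided by the standard deviation of the score vector."""
    rival = max(s for k, s in enumerate(scores) if k != key)
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
    return (scores[key] - rival) / std


def run_attack(n_traces=3000, sigma=1.0, key=0x2B, seed=1):
    """Run both distinguishers on one constructed data set and summarise the outcome."""
    pts, traces = simulate_traces(n_traces, key, sigma, seed)
    c, m = cpa(pts, traces), mia(pts, traces)
    return {"cpa_rank": key_rank(c, key), "mia_rank": key_rank(m, key),
            "cpa_margin": relative_margin(c, key), "mia_margin": relative_margin(m, key)}


if __name__ == "__main__":
    print(run_attack())
```

Lowering `sigma` or raising `n_traces` makes both margins grow; the point of the chapter's success metric is to predict that behaviour in closed form for additive distinguishers such as the CPA above, whereas MIA's histogram estimate depends on the bin count as well as on the signal-to-noise ratio.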


Notes

1. Another reason is that differential entropy is not “coordinate-free”: it depends on the underlying coordinate system.

2. Note that, unlike in our previous definitions, the random variable Y is also continuous in this example. Thus sums have to be replaced by integrals.

3. Note that this equivalence of metrics is not the same as the equivalence between distinguishers stated in [8].

4. A well-known information-theoretic property commonly referred to as “mixing increases entropy”.

5. Interestingly, it is not true that II(X; Y) ≥ I(X; Y) for general random variables X and Y. For example, a counterexample can be found when X, Y are binary variables with small p(x | y) for all x, y ≠ 0.

6. In [27] the term exact instead of theoretical is used.

7. Note that, in some publications, the relative distinguishing margin is also called the nearest-rival distinguishing score.

8. Note that a similar model was also implicitly used in [9, 37].

9. Namely \(\left [\kappa (k^{{\ast}},i,j)\right ]_{(i,j)\in \mathcal{K}\setminus \{0\}}\) and \(\left [\kappa (k^{{\ast}},i) \times \kappa (k^{{\ast}},j)\right ]_{(i,j)\in \mathcal{K}\setminus \{0\}}\).

10. The calculation can easily be extended to the Hamming distance model as well.

References

  1. Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Side-channel leakage and trace compression using normalized inter-class variance. In: Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, Minneapolis, Minnesota, pp. 7:1–7:9. ACM (2014). doi:10.1145/2611765.2611772

  2. Batina, L., Gierlichs, B., Lemke-Rust, K.: Differential cluster analysis. In: Clavier, C., Gaj, K. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2009, Lausanne. Lecture Notes in Computer Science, vol. 5747, pp. 112–127. Springer (2009)

  3. Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)

  4. Brier, É., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems – CHES 2004, Cambridge. Lecture Notes in Computer Science, vol. 3156, pp. 16–29. Springer (2004)

  5. Carlet, C.: On highly nonlinear S-boxes and their inability to thwart DPA attacks. In: INDOCRYPT, Bangalore. Lecture Notes in Computer Science, vol. 3797, pp. 49–62. Springer (2005)

  6. Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23, 493–507 (1952)

  7. Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley-Interscience, Hoboken (2006). ISBN-10: 0471241954, ISBN-13: 978-0471241959

  8. Doget, J., Prouff, E., Rivain, M., Standaert, F.X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)

  9. Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2012, Leuven. Lecture Notes in Computer Science, vol. 7428, pp. 233–250. Springer (2012)

  10. Fisher, R.A.: Statistical Methods for Research Workers. Oliver and Boyd, Edinburgh (1925). http://psychclassics.yorku.ca/Fisher/Methods/

  11. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: 10th International Workshop on Cryptographic Hardware and Embedded Systems – CHES 2008, Washington, DC. Lecture Notes in Computer Science, vol. 5154, pp. 426–442. Springer (2008)

  12. Guilley, S., Hoogvorst, P., Pacalet, R.: Differential power analysis model and some results. In: Proceedings of WCC/CARDIS, Toulouse, pp. 127–142. Kluwer (2004). doi:10.1007/1-4020-8147-2_9

  13. Heuser, A., Rioul, O., Guilley, S.: A theoretical study of Kolmogorov-Smirnov distinguishers – side-channel analysis vs. differential cryptanalysis. In: COSADE, pp. 9–28 (2014). doi:10.1007/978-3-319-10175-0_2

  14. Heuser, A., Kasper, M., Schindler, W., Stottinger, M.: How a symmetry metric assists side-channel evaluation – a novel model verification method for power analysis. In: Proceedings of the 2011 14th Euromicro Conference on Digital System Design (DSD ’11), Oulu, pp. 674–681. IEEE Computer Society, Washington, DC (2011). doi:10.1109/DSD.2011.91

  15. Kardaun, O.: Classical Methods of Statistics. Springer, Berlin/New York (2005)

  16. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of CRYPTO’99, Santa Barbara. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer (1999)

  17. Le, T.H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC, Kobe. Lecture Notes in Computer Science, vol. 6434, pp. 285–300. Springer (2010)

  18. Maghrebi, H., Rioul, O., Guilley, S., Danger, J.L.: Comparison between side channel analysis distinguishers. In: Chim, T.W., Yuen, T.H. (eds.) ICICS, Hong Kong. Lecture Notes in Computer Science, vol. 7618, pp. 331–340. Springer (2012)

  19. Mangard, S., Oswald, E., Standaert, F.X.: One for all – all for one: unifying standard DPA attacks. IET Inf. Secur. 5(2), 100–111 (2011). ISSN: 1751-8709; doi:10.1049/iet-ifs.2010.0096

  20. Moddemeijer, R.: On estimation of entropy and mutual information of continuous distributions. Signal Process. 16(3), 233–248 (1989). http://www.sciencedirect.com/science/article/B6V18-48V26YR-MK/1/47d01a088dc7fbf6882c73ec582c81a2

  21. Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a Gaussian assumption. In: WISA (10th International Workshop on Information Security Applications), Busan. Lecture Notes in Computer Science, vol. 5932, pp. 193–205. Springer (2009)

  22. Prouff, E.: DPA attacks and S-boxes. In: FSE, Paris. Lecture Notes in Computer Science, vol. 3557, pp. 424–441. Springer (2005). http://www.springerlink.com/

  23. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: ACNS, Paris-Rocquencourt. Lecture Notes in Computer Science, vol. 5536, pp. 499–518. Springer (2009)

  24. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information-based side channel analysis. Int. J. Appl. Cryptogr. (IJACT) 2(2), 121–138 (2010)

  25. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)

  26. Rao, C.R.: Linear Statistical Inference and its Applications, 2nd edn. Wiley, New York (1973)

  27. Rivain, M.: On the exact success rate of side channel analysis in the Gaussian model. In: Selected Areas in Cryptography, Sackville. Lecture Notes in Computer Science, vol. 5381, pp. 165–183. Springer (2008)

  28. Rogaway, P. (ed.): Proceedings of the Advances in Cryptology – CRYPTO 2011 – 31st Annual Cryptology Conference, Santa Barbara, August 14–18, 2011. Lecture Notes in Computer Science, vol. 6841. Springer (2011)

  29. Rudin, W.: Principles of Mathematical Analysis, 3rd edn. International Series in Pure and Applied Mathematics. McGraw-Hill, New York (1976)

  30. Saon, G., Padmanabhan, M.: Minimum Bayes error feature selection for continuous speech recognition. In: Leen, T.K., Dietterich, T.G., Tresp, V. (eds.) NIPS, Denver, pp. 800–806. MIT (2000)

  31. Silverman, B.W., Green, P.J.: Density Estimation for Statistics and Data Analysis. Chapman and Hall, London (1986)

  32. Standaert, F.X.: Introduction to side-channel attacks. In: Verbauwhede, I.M.R. (ed.) Secure Integrated Circuits and Systems. Integrated Circuits and Systems, chap. 2, pp. 27–42. Springer, Boston (2010). doi:10.1007/978-0-387-71829-3_2

  33. Standaert, F.X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the Rules of the DPA Contest. Cryptology ePrint Archive, Report 2008/517 (2008). http://eprint.iacr.org/2008/517

  34. Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, Cologne. Lecture Notes in Computer Science, vol. 5479, pp. 443–461. Springer (2009)

  35. Standaert, F.X., Peeters, É., Rouvroy, G., Quisquater, J.J.: An overview of power analysis attacks against field programmable gate arrays. Proc. IEEE 94(2), 383–394 (2006). (Invited Paper)

  36. Tchebichef, P.: Des valeurs moyennes. Journal de mathématiques pures et appliquées 12(2), 177–184 (1867)

  37. Thillard, A., Prouff, E., Roche, T.: Success through confidence: evaluating the effectiveness of a side-channel attack. In: Bertoni, G., Coron, J.S. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2013, Santa Barbara. Lecture Notes in Computer Science, vol. 8086, pp. 21–36. Springer (2013)

  38. Veyrat-Charvillon, N., Standaert, F.X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES, Lausanne. Lecture Notes in Computer Science, vol. 5747, pp. 429–443. Springer (2009)

  39. Veyrat-Charvillon, N., Standaert, F.X.: Generic side-channel distinguishers: improvements and limitations. In: Rogaway, P. (ed.) Proceedings of the Advances in Cryptology – CRYPTO 2011 – 31st Annual Cryptology Conference, Santa Barbara, August 14–18, 2011. Lecture Notes in Computer Science, vol. 6841, pp. 354–372. Springer (2011)

  40. Whitnall, C., Oswald, E.: A comprehensive evaluation of mutual information analysis using a fair evaluation framework. In: Rogaway, P. (ed.) Proceedings of the Advances in Cryptology – CRYPTO 2011 – 31st Annual Cryptology Conference, Santa Barbara, August 14–18, 2011. Lecture Notes in Computer Science, vol. 6841, pp. 316–334. Springer (2011)

  41. Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)

  42. Whitnall, C., Oswald, E., Mather, L.: An exploration of the Kolmogorov-Smirnov test as a competitor to mutual information analysis. In: Prouff, E. (ed.) CARDIS, Leuven. Lecture Notes in Computer Science, vol. 7079, pp. 234–251. Springer (2011)

  43. Whitnall, C., Oswald, E., Standaert, F.X.: The Myth of Generic DPA and the Magic of Learning. Cryptology ePrint Archive, Report 2012/256 (2012). http://eprint.iacr.org/2012/256

  44. Zhao, H., Zhou, Y., Standaert, F.X., Zhang, H.: Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test based Side-Channel Distinguishers. Cryptology ePrint Archive, Report 2013/091 (2013). http://eprint.iacr.org/2013/091


Acknowledgements

Annelie Heuser is partly funded by the Google Doctoral European Fellowship in the field of privacy.

Author information

Correspondence to Annelie Heuser.


Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Heuser, A., Rioul, O., Guilley, S., Danger, JL. (2015). Information Theoretic Comparison of Side-Channel Distinguishers: Inter-class Distance, Confusion, and Success. In: Candaele, B., Soudris, D., Anagnostopoulos, I. (eds) Trusted Computing for Embedded Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-09420-5_10

  • DOI: https://doi.org/10.1007/978-3-319-09420-5_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09419-9

  • Online ISBN: 978-3-319-09420-5
