
Information Theoretic Comparison of Side-Channel Distinguishers: Inter-class Distance, Confusion, and Success

  • Annelie Heuser
  • Olivier Rioul
  • Sylvain Guilley
  • Jean-Luc Danger
Chapter

Abstract

Different side-channel distinguishers have different efficiencies. Their fair comparison is a difficult task because many factors come into play—in particular, their intrinsic statistical properties and the quality of their estimation.

In this work, we first evaluate two related information-theoretic distinguishers: mutual information analysis (MIA) and inter-class information analysis (IIA). The latter requires the same underlying probability distributions but uses a different comparison strategy. These distinguishers are not only interesting in their own right and amenable to a mathematical study; they also provide an example where the theoretical and the empirical evaluation frameworks agree. IIA was found to distinguish better than MIA in theory as well as in practice.

Moreover, we develop a new metric, called the success metric, which captures the relevant parameters of the success rate while providing more feedback about the distinguishing power. We additionally state closed-form expressions of the theoretical success metric for additive distinguishers such as CPA and DPA, and highlight that these expressions are much more convenient than those for the theoretical success rate. In the case of a low signal-to-noise ratio (a realistic practical condition), we derive the conditions on the cipher's substitution boxes (sboxes) that minimize the success metric (and hence the success rate). This result supersedes a previous characterization of sboxes known as transparency order, which is derived from a metric on a distinguisher rather than from a success metric/rate. Moreover, we are also able to formulate a closed-form expression for MIA, which has not been shown before.
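As an added illustration (not code from the chapter or its authors), the following Python script shows what the comparison described above looks like in practice for the two classical distinguishers the abstract refers to, CPA and MIA: both are run on constructed noisy Hamming-weight leakage of a 4-bit S-box, and the empirical success rate (the fraction of independent experiments in which the correct key is ranked first) is estimated for several noise levels. The S-box (the PRESENT S-box), the leakage model, the noise levels, the secret key and the histogram bin width are assumptions of this example; the chapter's inter-class information analysis and its success metric are not reproduced here.

```python
import math
import random
from collections import Counter, defaultdict

# Assumption of this example: the 4-bit PRESENT S-box stands in for the cipher's sbox.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEYS = range(16)


def hw(x):
    """Hamming weight of a small integer."""
    return bin(x).count("1")


def model(plaintext, key):
    """Hamming-weight model of the S-box output under one key hypothesis."""
    return hw(SBOX[plaintext ^ key])


def simulate_traces(n, key, sigma, rng):
    """Constructed leakage: HW(S(p xor key)) plus Gaussian noise of std sigma."""
    plaintexts = [rng.randrange(16) for _ in range(n)]
    leakage = [model(p, key) + rng.gauss(0.0, sigma) for p in plaintexts]
    return plaintexts, leakage


def cpa_scores(plaintexts, leakage):
    """CPA: |Pearson correlation| between leakage and model, per key hypothesis."""
    n = len(leakage)
    mean_l = sum(leakage) / n
    var_l = sum((l - mean_l) ** 2 for l in leakage)
    scores = []
    for k in KEYS:
        m = [model(p, k) for p in plaintexts]
        mean_m = sum(m) / n
        cov = sum((a - mean_m) * (b - mean_l) for a, b in zip(m, leakage))
        var_m = sum((a - mean_m) ** 2 for a in m)
        # Degenerate (constant) columns get score 0 instead of a division by zero.
        scores.append(abs(cov) / math.sqrt(var_m * var_l) if var_m > 0 and var_l > 0 else 0.0)
    return scores


def entropy_bits(counts):
    """Plug-in (histogram) entropy in bits of a Counter of symbol counts."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def mia_scores(plaintexts, leakage, bin_width=0.5):
    """MIA: histogram estimate of I(L; M) = H(L) - H(L | M), per key hypothesis."""
    n = len(leakage)
    bins = [math.floor(l / bin_width) for l in leakage]   # quantize the leakage
    h_l = entropy_bits(Counter(bins))
    scores = []
    for k in KEYS:
        by_model = defaultdict(Counter)   # model value -> histogram of leakage bins
        for p, b in zip(plaintexts, bins):
            by_model[model(p, k)][b] += 1
        h_l_given_m = sum(sum(c.values()) / n * entropy_bits(c) for c in by_model.values())
        scores.append(h_l - h_l_given_m)
    return scores


def recover_key(scores):
    """Key hypothesis ranked first by the distinguisher."""
    return max(KEYS, key=lambda k: scores[k])


def success_rate(distinguisher, n_traces, sigma, trials, secret_key=0xB, seed=1):
    """Empirical first-order success rate over independent constructed experiments."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        plaintexts, leakage = simulate_traces(n_traces, secret_key, sigma, rng)
        hits += recover_key(distinguisher(plaintexts, leakage)) == secret_key
    return hits / trials


if __name__ == "__main__":
    # Same trace budget for both distinguishers, increasing noise (decreasing SNR).
    for sigma in (0.5, 2.0, 4.0):
        for name, dist in (("CPA", cpa_scores), ("MIA", mia_scores)):
            print(f"sigma={sigma:.1f} {name}: SR = {success_rate(dist, 100, sigma, 50):.2f}")
```

The script keeps the trace count fixed and lets the noise grow, which is the regime the abstract calls realistic; comparing the two success-rate columns for a given sigma is the kind of fair comparison the chapter formalizes. Note that the MIA estimate depends on the histogram bin width, an estimation-quality factor that the abstract lists as one reason such comparisons are difficult.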

Acknowledgements

Annelie Heuser is partly funded by the Google Doctoral European Fellowship in the field of privacy.


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Annelie Heuser (1)
  • Olivier Rioul (1)
  • Sylvain Guilley (1)
  • Jean-Luc Danger (1)

  1. Department Comelec, Telecom ParisTech, Institut Mines-Telecom, CNRS LTCI, Paris Cedex 13, France
