Abstract
Different side-channel distinguishers have different efficiencies. Their fair comparison is a difficult task because many factors come into play—in particular, their intrinsic statistical properties and the quality of their estimation.
In this work, we first evaluate two related information-theoretic distinguishers: mutual information analysis and inter-class information analysis. The latter requires the same underlying probability distributions but uses a different comparing strategy. These distinguishers are not only interesting on their own and suitable for a mathematical study, but they also exhibit an example where the theoretical and empirical evaluation framework agree. The IIA was found to distinguish better than MIA in theory as well as in practice.
Moreover, we develop a new metric, called the success metric, which captures the relevant parameters of the success rate while providing more feedback about the distinguishing power. We additionally state closed-form expressions of the theoretical success metric for additive distinguishers such as CPA and DPA and highlight that these expressions are much more convenient than those for the theoretical success rate. In the case of a low signal-to-noise ratio (a realistic practical condition), we derive the conditions on the cipher’s substitution boxes (sboxes) that minimize the success metric (and hence the success rate). This result supersedes a previous characterization of sboxes known as transparency order, which is derived from a metric on a distinguisher rather than from a success metric/rate. Moreover, we are able to formulate a closed-form expression for MIA, which has not been shown before.
Notes
1. Another reason is that differential entropy is not “coordinate-free”: it depends on the underlying coordinate system.
2. Note that, unlike in our previous definitions, the random variable Y is also continuous in this example. Thus sums have to be replaced by integrals.
3. Note that this equivalence of metrics is not the same as the equivalence between distinguishers stated in [8].
4. A well-known information-theoretic property commonly referred to as “mixing increases entropy”.
5. Interestingly, it is not true that II(X;Y) ≥ I(X;Y) for general random variables X and Y. For example, a counterexample can be found when X, Y are binary variables with small p(x | y) for all x, y ≠ 0.
6. In [27] the term exact instead of theoretical is used.
7. Note that, in some publications, the relative distinguishing margin is also called the nearest-rival distinguishing score.
8.
9. Namely \(\left [\kappa (k^{{\ast}},i,j)\right ]_{(i,j)\in \mathcal{K}\setminus \{0\}}\) and \(\left [\kappa (k^{{\ast}},i) \times \kappa (k^{{\ast}},j)\right ]_{(i,j)\in \mathcal{K}\setminus \{0\}}\).
10. One can easily extend the calculation to the Hamming distance model as well.
References
Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Side-channel leakage and trace compression using normalized inter-class variance. In: Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, Minneapolis, Minnesota, pp. 7:1–7:9. ACM (2014). doi:10.1145/2611765.2611772, http://doi.acm.org/10.1145/2611765.2611772
Batina, L., Gierlichs, B., Lemke-Rust, K.: Differential cluster analysis. In: Clavier, C., Gaj, K. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2009, Lausanne. Lecture Notes in Computer Science, vol. 5747, pp. 112–127. Springer (2009)
Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)
Brier, É., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems – CHES 2004, Cambridge. Lecture Notes in Computer Science, vol. 3156, pp. 16–29. Springer (2004)
Carlet, C.: On highly nonlinear S-boxes and their inability to thwart DPA attacks. In: INDOCRYPT, Bangalore. Lecture Notes in Computer Science, vol. 3797, pp. 49–62. Springer (2005)
Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23, 493–507 (1952)
Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley-Interscience, Hoboken (2006). ISBN-10: 0471241954, ISBN-13: 978-0471241959
Doget, J., Prouff, E., Rivain, M., Standaert, F.X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)
Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2012, Leuven. Lecture Notes in Computer Science, vol. 7428, pp. 233–250. Springer (2012)
Fisher, R.A.: Statistical Methods for Research Workers. Oliver and Boyd, Edinburgh (1925). http://psychclassics.yorku.ca/Fisher/Methods/
Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: 10th International Workshop on Cryptographic Hardware and Embedded Systems – CHES 2008, Washington, DC. Lecture Notes in Computer Science, vol. 5154, pp. 426–442. Springer (2008)
Guilley, S., Hoogvorst, P., Pacalet, R.: Differential power analysis model and some results. In: Kluwer (ed.) Proceedings of WCC/CARDIS, Toulouse, pp. 127–142 (2004). doi:10.1007/1-4020-8147-2_9
Heuser, A., Rioul, O., Guilley, S.: A theoretical study of Kolmogorov-Smirnov distinguishers – side-channel analysis vs. differential cryptanalysis. In: COSADE, pp. 9–28 (2014). http://dx.doi.org/10.1007/978-3-319-10175-0_2
Heuser, A., Kasper, M., Schindler, W., Stottinger, M.: How a symmetry metric assists side-channel evaluation – a novel model verification method for power analysis. In: Proceedings of the 2011 14th Euromicro Conference on Digital System Design (DSD ’11), Oulu, pp. 674–681. IEEE Computer Society, Washington, DC, (2011). doi:10.1109/DSD.2011.91. http://dx.doi.org/10.1109/DSD.2011.91
Kardaun, O.: Classical Methods of Statistics. Springer, Berlin/New York (2005)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of CRYPTO’99, Santa Barbara. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer (1999)
Le, T.H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC, Kobe. Lecture Notes in Computer Science, vol. 6434, pp. 285–300. Springer (2010)
Maghrebi, H., Rioul, O., Guilley, S., Danger, J.L.: Comparison between side channel analysis distinguishers. In: Chim, T.W., Yuen, T.H. (eds.) ICICS, Hong Kong. Lecture Notes in Computer Science, vol. 7618, pp. 331–340. Springer (2012)
Mangard, S., Oswald, E., Standaert, F.X.: One for all – all for one: unifying standard DPA attacks. Inf. Secur. IET 5(2), 100–111 (2011). ISSN: 1751-8709; doi:10.1049/iet-ifs.2010.0096
Moddemeijer, R.: On estimation of entropy and mutual information of continuous distributions. Signal Process. 16(3), 233–248 (1989). http://www.sciencedirect.com/science/article/B6V18-48V26YR-MK/1/47d01a088dc7fbf6882c73ec582c81a2
Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a Gaussian assumption. In: WISA (10th International Workshop on Information Security Applications), Busan. Lecture Notes in Computer Science, vol. 5932, pp. 193–205. Springer (2009)
Prouff, E.: DPA attacks and S-boxes. In: FSE, Paris. Lecture Notes in Computer Science, vol. 3557, pp. 424–441. Springer (2005). http://www.springerlink.com/
Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: Springer (ed.) ACNS, Paris-Rocquencourt. Lecture Notes in Computer Science, vol. 5536, pp. 499–518 (2009)
Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information-based side channel analysis. Int. J. Appl. Cryptogr. (IJACT) 2(2), 121–138 (2010)
Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
Rao, C.R.: Linear Statistical Inference and its Applications, 2nd edn. Wiley, New York (1973)
Rivain, M.: On the exact success rate of side channel analysis in the Gaussian model. In: Selected Areas in Cryptography, Sackville. Lecture Notes in Computer Science, vol. 5381, pp. 165–183. Springer (2008)
Rogaway, P. (ed.): Proceedings of the Advances in Cryptology – CRYPTO 2011 – 31st Annual Cryptology Conference, Santa Barbara, August 14–18, 2011. Lecture Notes in Computer Science, vol. 6841. Springer (2011)
Rudin, W.: Principles of Mathematical Analysis, 3rd edn. International Series in Pure and Applied Mathematics. McGraw-Hill, New York (1976).
Saon, G., Padmanabhan, M.: Minimum Bayes error feature selection for continuous speech recognition. In: Leen, T.K., Dietterich, T.G., Tresp, V. (eds.) NIPS, Denver, pp. 800–806. MIT (2000)
Silverman, B.W., Green, P.J.: Density Estimation for Statistics and Data Analysis. Chapman and Hall, London (1986)
Standaert, F.X.: Introduction to side-channel attacks. In: Verbauwhede, I.M.R. (ed.) Secure Integrated Circuits and Systems. Integrated Circuits and Systems, chap. 2, pp. 27–42. Springer, Boston (2010). doi:10.1007/978-0-387-71829-3_2. http://dx.doi.org/10.1007/978-0-387-71829-3_2
Standaert, F.X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the Rules of the DPA Contest. Cryptology ePrint Archive, Report 2008/517 (2008). http://eprint.iacr.org/2008/517
Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, Cologne. Lecture Notes in Computer Science, vol. 5479, pp. 443–461. Springer (2009)
Standaert, F.X., Peeters, É., Rouvroy, G., Quisquater, J.J.: An overview of power analysis attacks against field programmable gate arrays. Proc. IEEE 94(2), 383–394 (2006). (Invited Paper)
Tchebichef, P.: Des valeurs moyennes. Journal de mathématiques pures et appliqués 12(2), 177–184 (1867)
Thillard, A., Prouff, E., Roche, T.: Success through confidence: evaluating the effectiveness of a side-channel attack. In: Bertoni, G., Coron, J.S. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2013, Santa Barbara. Lecture Notes in Computer Science, vol. 8086, pp. 21–36. Springer (2013)
Veyrat-Charvillon, N., Standaert, F.X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES, Lausanne. Lecture Notes in Computer Science, vol. 5747, pp. 429–443. Springer (2009)
Veyrat-Charvillon, N., Standaert, F.X.: Generic side-channel distinguishers: improvements and limitations. In: Rogaway, P. (ed.) Proceedings of the Advances in Cryptology – CRYPTO 2011 – 31st Annual Cryptology Conference, Santa Barbara, August 14–18, 2011. Lecture Notes in Computer Science, vol. 6841, pp. 354–372. Springer (2011)
Whitnall, C., Oswald, E.: A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework. In: Rogaway, P. (ed.) Proceedings of the Advances in Cryptology – CRYPTO 2011 – 31st Annual Cryptology Conference, Santa Barbara, August 14–18, 2011. Lecture Notes in Computer Science, vol. 6841, pp. 316–334. Springer (2011)
Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)
Whitnall, C., Oswald, E., Mather, L.: An exploration of the Kolmogorov-Smirnov test as a competitor to mutual information analysis. In: Prouff, E. (ed.) CARDIS, Leuven. Lecture Notes in Computer Science, vol. 7079, pp. 234–251. Springer (2011)
Whitnall, C., Oswald, E., Standaert, F.X.: The Myth of Generic DPA… and the Magic of Learning. Cryptology ePrint Archive, Report 2012/256 (2012). http://eprint.iacr.org/2012/256
Zhao, H., Zhou, Y., Standaert, F.X., Zhang, H.: Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test based Side-Channel Distinguishers. Cryptology ePrint Archive, Report 2013/091 (2013). http://eprint.iacr.org/2013/091
Acknowledgements
Annelie Heuser is partly funded by the Google Doctoral European Fellowship in the field of privacy.
© 2015 Springer International Publishing Switzerland
Cite this chapter
Heuser, A., Rioul, O., Guilley, S., Danger, JL. (2015). Information Theoretic Comparison of Side-Channel Distinguishers: Inter-class Distance, Confusion, and Success. In: Candaele, B., Soudris, D., Anagnostopoulos, I. (eds) Trusted Computing for Embedded Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-09420-5_10
DOI: https://doi.org/10.1007/978-3-319-09420-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09419-9
Online ISBN: 978-3-319-09420-5
eBook Packages: Engineering (R0)