Skip to main content
SpringerLink
Log in

A Key to Success

Success Exponents for Side-Channel Distinguishers

  • Conference paper
  • First Online:
Progress in Cryptology -- INDOCRYPT 2015 (INDOCRYPT 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9462))

Included in the following conference series:

Abstract

The success rate is the classical metric for evaluating the performance of side-channel attacks. It is generally computed empirically from measurements for a particular device or using simulations. Closed-form expressions of success rate are desirable because they provide an explicit functional dependence on relevant parameters such as number of measurements and signal-to-noise ratio which help to understand the effectiveness of a given attack and how one can mitigate its threat by countermeasures. However, such closed-form expressions involve high-dimensional complex statistical functions that are hard to estimate.

In this paper, we define the success exponent (SE) of an arbitrary side-channel distinguisher as the first-order exponent of the success rate as the number of measurements increases. Under fairly general assumptions such as soundness, we give a general simple formula for any arbitrary distinguisher and derive closed-form expressions of it for \(\mathsf {DoM}\), \(\mathsf {CPA}\), \(\mathsf {MIA}\) and the optimal distinguisher when the model is known (template attack). For \(\mathsf {DoM}\) and \(\mathsf {CPA}\) our results are in line with the literature. Experiments confirm that the theoretical closed-form expression of the SE coincides with the empirically computed one, even for reasonably small numbers of measurements. Finally, we highlight that our study raises many new perspectives for comparing and evaluating side-channel attacks, countermeasures and implementations.

Annelie Heuser is a Google European fellow in the field of privacy and is partially founded by this fellowship.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Capitals such as X denote random variables. The corresponding lowercase x denotes realizations of these random variables. We write \(\mathbb {P}\{A\}\) for the probability of an event A and \(\mathbb {E}\{X\}\) for the expectation of a random variable X.

  2. 2.

    It is known that for bit #1, the DoM is not sound: the same distinguisher value can be obtained for the correct key \(k=k^*\) and for at least one incorrect key \(k=k^*\oplus \texttt {0x9}\).

References

  1. Batina, L., Robshaw, M. (eds.): CHES 2014. LNCS, vol. 8731. Springer, Heidelberg (2014)

    Google Scholar 

  2. Belgarric, P., Bhasin, S., Bruneau, N., Danger, J.-L., Debande, N., Guilley, S., Heuser, A., Najm, Z., Rioul, O.: Time-frequency analysis for second-order attacks. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 108–122. Springer, Heidelberg (2014)

    Google Scholar 

  3. Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  4. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Chakraborty, K., Sarkar, S., Maitra, S., Mazumdar, B., Mukhopadhyay, D., Prouff, E.: Redefining the transparency order. In: The Ninth International Workshop on Coding and Cryptography, WCC 2015, Paris, France, April 13–17, 2015

    Google Scholar 

  6. Chari, S., Rao, J.R.: Rohatgi template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  7. Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley-Interscience, July 18, 2006. ISBN-10: ISBN-10: 0471241954, ISBN-13: 978–0471241959

    Google Scholar 

  8. Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptographic Eng. 1(2), 123–144 (2011)

    Article  Google Scholar 

  9. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015)

    Google Scholar 

  10. Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 233–250. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  11. Ronald, A.: Statistical Methods for Research Workers. Oliver and Boyd, Edinburgh (1925)

    Google Scholar 

  12. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Guilley, S., Hoogvorst, P., Pacalet, R., Schmidt, J.: Improving side-channel attacks by exploiting substitution boxes properties. In: Presse Universitaire de Rouen et du Havre (ed.), BFCA, Paris, France, pp. 1–25, May 02–04, 2007. http://www.liafa.jussieu.fr/bfca/books/BFCA07.pdf

  14. Heuser, A., Kasper, M., Schindler, W., Stottinger, M.: How a symmetry metric assists side-channel evaluation - a novel model verification method for power analysis. In: Proceedings of the 2011 14th Euromicro Conference on Digital System Design, DSD 2011, pp. 674–681. IEEE Computer Society, Washington DC (2011)

    Google Scholar 

  15. Heuser, A., Rioul, O., Guilley, S.: Good Is not good enough - deriving optimal distinguishers from communication theory. In: Batina and Robshaw [1], pp. 55–74

    Google Scholar 

  16. Kardaun, O.J.W.F.: Classical Methods of Statistics. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  17. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  18. Lomné, V., Prouff, E., Rivain, M., Roche, T., Thillard, A.: How to estimate the success rate of higher-order side-channel attacks. In: Batina and Robshaw [1], pp. 35–54

    Google Scholar 

  19. Maghrebi, H., Rioul, O., Guilley, S., Danger, J.-L.: Comparison between side-channel analysis distinguishers. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 331–340. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  20. Mangard, S.: Hardware countermeasures against DPA – a statistical analysis of their effectiveness. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 222–235. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  21. Mangard, S., Oswald, E., Standaert, F.-X.: One for All - All for One: Unifying Standard DPA Attacks. IET Inf. Secur. 5(2), 100–111 (2011). doi:10.1049/iet-ifs.2010.0096. ISSN: 1751–8709

    Article  Google Scholar 

  22. Moddemeijer, R.: On estimation of entropy and mutual information of continuous distributions. Signal Process. 16(3), 233–248 (1989)

    Article  MathSciNet  Google Scholar 

  23. Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a gaussian assumption. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 193–205. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  24. Picek, S., Mazumdar, B., Mukhopadhyay, D., Batina, L.: Modified transparency order property: solution or just another attempt. In: Chakraborty, R.S., Schwabe, P., Solworth, J. (eds.) Security, Privacy, and Applied Cryptography Engineering. LNCS, vol. 9354, pp. 210–227. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  25. Prouff, E.: DPA attacks and S-boxes. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 424–441. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  26. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 499–518. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  27. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)

    Article  MathSciNet  Google Scholar 

  28. Rao, C.R.: Linear Statistical Inference and its Applications, 2nd edn. J. Wiley and Sons, New York (1973)

    Book  MATH  Google Scholar 

  29. Rivain, M.: On the exact success rate of side channel analysis in the gaussian model. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 165–183. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  30. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  31. Thillard, A., Prouff, E., Roche, T.: Success through confidence: evaluating the effectiveness of a side-channel attack. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 21–36. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  32. Veyrat-Charvillon, N., Standaert, F.-X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  33. Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptographic Eng. 1(2), 145–160 (2011)

    Article  Google Scholar 

Download references

Acknowledgements

The authors are grateful to Darshana Jayasinghe for the real-world validation on traces taken from the Arduino board.

Author information

Authors and Affiliations

  1. Department Comelec, Télécom ParisTech, Institut Mines-Télécom, CNRS LTCI, 46 Rue Barrault, 75 634, Paris Cedex 13, France

    Sylvain Guilley, Annelie Heuser & Olivier Rioul

  2. Secure-IC S.A.S., 15 Rue Claude Chappe, Bât. B, ZAC des Champs Blancs, 35 510, Cesson-Sévigné, France

    Sylvain Guilley

  3. Applied Mathematics Department, École Polytechnique, Palaiseau, France

    Olivier Rioul

Authors
  1. Sylvain Guilley
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Annelie Heuser
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Olivier Rioul
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Annelie Heuser .

Editor information

Editors and Affiliations

  1. Luxembourg, Luxembourg

    Alex Biryukov

  2. Microsoft Research India, Banglore, India

    Vipul Goyal

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Guilley, S., Heuser, A., Rioul, O. (2015). A Key to Success. In: Biryukov, A., Goyal, V. (eds) Progress in Cryptology -- INDOCRYPT 2015. INDOCRYPT 2015. Lecture Notes in Computer Science(), vol 9462. Springer, Cham. https://doi.org/10.1007/978-3-319-26617-6_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26617-6_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26616-9

  • Online ISBN: 978-3-319-26617-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation