Simpler, Faster, and More Robust T-Test Based Leakage Detection

Abstract

The TVLA procedure using the t-test has become a popular leakage detection method. To protect against environmental fluctuation in laboratory measurements, we propose a paired t-test to improve the standard procedure. We take advantage of statistical matched-pairs design to remove the environmental noise effect in leakage detection. Higher order leakage detection is further improved with a moving average method. We compare the proposed test with standard t-test on synthetic data and physical measurements. Our results show that the proposed tests are robust to environmental noise.

Appendices

Appendix

A Proof of Theorem 1

We are comparing the leakage detection statistic (9)

$$\begin{aligned} D=(L^{(1)}_A - \bar{L}^{(1)}_A)(L^{(2)}_A - \bar{L}^{(2)}_A) - (L^{(1)}_B - \bar{L}^{(1)}_B)(L^{(2)}_B - \bar{L}^{(2)}_B), \end{aligned}$$

with the theoretical optimal leakage detection statistic \(\varDelta \) in Eq. (8).

Without loss of generality, let \(c^{(1)}=c^{(2)}=0\) in model (6), since these constants are cancelled in each of the differences \((L^{(j)}_A - \bar{L}^{(j)}_A)\) and \((L^{(j)}_B - \bar{L}^{(j)}_B)\) for \(j=1,2\). Then (8) is simplified as \(\varDelta = L^{(1)}_A L^{(2)}_A - L^{(1)}_B L^{(2)}_B\). Hence

$$\begin{aligned} E(\varDelta )&=E(L^{(1)}_A L^{(2)}_A) - E(L^{(1)}_B L^{(2)}_B) \nonumber \\ \quad Var(\varDelta )&= Var(L^{(1)}_A L^{(2)}_A) + Var(L^{(1)}_B L^{(2)}_B). \end{aligned}$$

(12)

We first reexpress \((L^{(1)}_A - \bar{L}^{(1)}_A)\) as the difference between two independent terms. We denote \(\tilde{L}^{(1)}_A = \frac{1}{n_w-1} \sum _{i=1}^{n_w-1} L^{(1)}_{A,i}\) as the average of \(n_w-1\) traces excluding the original trace, where \(L^{(1)}_{A,i}\) (\(i=1,...,n_w-1\)) are independent random variables coming from the same distribution as \(L^{(1)}_A\). Since \(\bar{L}^{(1)}_A\) is the average over \(n_w\) nearby traces including the original trace, \(\bar{L}^{(1)}_A = \frac{1}{n_w} [L^{(1)}_A + \sum _{i=1}^{n_w-1} L^{(1)}_{A,i}] = \frac{n_w-1}{n_w} ( L^{(1)}_A - \tilde{L}^{(1)}_A)\), with \(\tilde{L}^{(1)}_A\) independent of \(L^{(1)}_A\). \(E(\tilde{L}^{(1)}_A) = E(L^{(1)}_A)\) and \(Var(\tilde{L}^{(1)}_A)=\frac{1}{n_w-1} Var(L^{(1)}_A)\). Similarly, \(\tilde{L}^{(2)}_A\), \(\tilde{L}^{(1)}_B\) and \(\tilde{L}^{(2)}_B\) denotes the average of corresponding quantities over the \(n_w-1\) traces excluding the original trace. The we can rewrite the leakage detection statistic in (9) as

$$\begin{aligned} D=(\frac{n_w-1}{n_w})^2 [(L^{(1)}_A - \tilde{L}^{(1)}_A)(L^{(2)}_A - \tilde{L}^{(2)}_A) - (L^{(1)}_B - \tilde{L}^{(1)}_B)(L^{(2)}_B - \tilde{L}^{(2)}_B)]. \end{aligned}$$

(13)

Therefore as \(n_w \rightarrow \infty \), \(D \rightarrow \varDelta \).

Next, we show that E(D) and Var(D) differ from their limits \(E(\varDelta )\) and \(Var(\varDelta )\) by a factor of \(O(1/n_w)\) only. Let \(D^* = \frac{n_w}{n_w-1} D\). Then we have

$$\begin{aligned} E(D^*)= E(\varDelta ), \end{aligned}$$

(14)

$$\begin{aligned}&Var(D^*) -Var(\varDelta )\nonumber \\ =&\frac{2}{n_w} [Var(V^{(1)}_A) Var(V^{(2)}_A) + Var(V^{(1)}_B) Var(V^{(2)}_B) + E^2(V^{(1)}_{A}V^{(2)}_{A})\nonumber \\&\ + E^2(V^{(1)}_B V^{(2)}_B) - Var(V^{(1)}_A V^{(2)}_A)- Var(V^{(1)}_B V^{(2)}_B)] + O(\frac{1}{n_w^2}). \end{aligned}$$

(15)

The proofs of these two equations are provided in the next two subsections.

Combining Eqs. (12), (14) and (15), we arrived at Eq. (10) and Theorem 1 is proved.

1.1 A.1 Proof of Eq. (14) on Mean of \(D^*\)

We now calculate the first term in E(D).

$$\begin{aligned} E(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A) = (\frac{1}{n_w-1})^2 \sum _{i=1}^{n_w-1} \sum _{j=1}^{n_w-1} E(L^{(1)}_{A,i}L^{(2)}_{A,j}). \end{aligned}$$

For \(i \ne j\), \(L^{(1)}_{A,i}\) is independence of \(L^{(2)}_{A,j}\) so that \(E(L^{(1)}_{A,i}L^{(2)}_{A,j})=E(L^{(1)}_{A,i})E(L^{(2)}_{A,j})=(0)(0)=0\) and drops from the summation. Hence

$$\begin{aligned} E(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A) = (\frac{1}{n_w-1})^2 \sum _{i=1}^{n_w-1} E(L^{(1)}_{A,i}L^{(2)}_{A,i}) = \frac{1}{n_w-1} E(L^{(1)}_{A}L^{(2)}_{A}). \end{aligned}$$

(16)

Also, since \(\tilde{L}^{(1)}_A\) is independent of \(L^{(2)}_A\), \(E(\tilde{L}^{(1)}_A L^{(2)}_A) = E(\tilde{L}^{(1)}_A) E( L^{(2)}_A) =0\). Similarly \(E(L^{(1)}_A\tilde{L}^{(2)}_A)=0\). Therefore,

$$\begin{aligned} E[(L^{(1)}_A - \tilde{L}^{(1)}_A)(L^{(2)}_A - \tilde{L}^{(2)}_A)]&= E(L^{(1)}_{A}L^{(2)}_{A}) - 0 -0 + E (\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A) \\&= E(L^{(1)}_{A}L^{(2)}_{A}) + \frac{1}{n_w-1} E(L^{(1)}_{A}L^{(2)}_{A}) \\&= \frac{n_w}{n_w-1} E(L^{(1)}_{A}L^{(2)}_{A}). \end{aligned}$$

Similarly, \( E[(L^{(1)}_B - \tilde{L}^{(1)}_B)(L^{(2)}_B - \tilde{L}^{(2)}_B)] = \frac{n_w}{n_w-1} E(L^{(1)}_{B}L^{(2)}_{B}). \) Combine these two expressions with Eq. (13) and \(D^* = \frac{n_w}{n_w-1} D\), we get Eq. (14)

$$\begin{aligned} E(D^*)=(\frac{n_w-1}{n_w}) \frac{n_w}{n_w-1} E[L^{(1)}_AL^{(2)}_A - L^{(1)}_B L^{(2)}_B] = E(\varDelta ). \end{aligned}$$

1.2 A.2 Proof of Eq. (15) on Variance of \(D^*\)

$$\begin{aligned} Var(D^*)=(\frac{n_w-1}{n_w})^2 \{Var [(L^{(1)}_A - \tilde{L}^{(1)}_A)(L^{(2)}_A - \tilde{L}^{(2)}_A)] + Var[(L^{(1)}_B - \tilde{L}^{(1)}_B)(L^{(2)}_B - \tilde{L}^{(2)}_B)] \}. \end{aligned}$$

(17)

For the first term, the variance of the sum \(L^{(1)}_A L^{(2)}_A - \tilde{L}^{(1)}_AL^{(2)}_A - L^{(1)}_A \tilde{L}^{(2)}_A + L^{(1)}_A L^{(2)}_A\) is the covariance of the sum with itself. For the four terms in \(L^{(1)}_A L^{(2)}_A - \tilde{L}^{(1)}_AL^{(2)}_A - L^{(1)}_A \tilde{L}^{(2)}_A + L^{(1)}_A L^{(2)}_A\), the covariance for most pairs of different terms are zero. For example,

$$\begin{aligned} Cov(L^{(1)}_A L^{(2)}_A, \tilde{L}^{(1)}_AL^{(2)}_A)&= E(L^{(1)}_A L^{(2)}_A \tilde{L}^{(1)}_AL^{(2)}_A) - E(L^{(1)}_A L^{(2)}_A)E(\tilde{L}^{(1)}_AL^{(2)}_A) \\&= E(L^{(1)}_A L^{(2)}_A L^{(2)}_A) 0 - E(L^{(1)}_A L^{(2)}_A) E(L^{(2)}_A)0 =0. \end{aligned}$$

and \(Cov(L^{(1)}_A L^{(2)}_A, \tilde{L}^{(1)}_A \tilde{L}^{(2)}_A) =0\) due to the independence between \(L^{(1)}_A L^{(2)}_A\) and \(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A\). The only non-zero cross-term covariance is

$$\begin{aligned} Cov(\tilde{L}^{(1)}_AL^{(2)}_A, L^{(1)}_A \tilde{L}^{(2)}_A) = E(\tilde{L}^{(1)}_AL^{(2)}_A L^{(1)}_A \tilde{L}^{(2)}_A) - 0&= E(L^{(1)}_A L^{(2)}_A ) E(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A) \\&= \frac{1}{n_w-1} E^2(L^{(1)}_{A}L^{(2)}_{A}), \end{aligned}$$

with the last step coming from Eq. (16). Therefore,

$$\begin{aligned}&Var [(L^{(1)}_A - \tilde{L}^{(1)}_A)(L^{(2)}_A - \tilde{L}^{(2)}_A)] \\ =&Var(L^{(1)}_A L^{(2)}_A) + Var(\tilde{L}^{(1)}_AL^{(2)}_A) + Var(L^{(1)}_A \tilde{L}^{(2)}_A) + Var(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A) \\&+ \frac{2}{n_w-1} E^2(L^{(1)}_{A}L^{(2)}_{A}) \end{aligned}$$

By independence, \(Var(\tilde{L}^{(1)}_AL^{(2)}_A)= Var(\tilde{L}^{(1)}_A) Var(L^{(2)}_A)= \frac{1}{n_w-1} Var(L^{(1)}_A) Var(L^{(2)}_A)\), and \(Var(L^{(1)}_A \tilde{L}^{(2)}_A) = \frac{1}{n_w-1} Var(L^{(1)}_A) Var(L^{(2)}_A)\).

For \(Var(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A)\), note that

$$\begin{aligned} \tilde{L}^{(1)}_A \tilde{L}^{(2)}_A = (\frac{1}{n_w-1})^2 \sum _{i=1}^{n_w-1} \sum _{j=1}^{n_w-1} L^{(1)}_{A,i}L^{(2)}_{A,j}. \end{aligned}$$

The covariance between any two different terms in the sum is zero. Hence

$$\begin{aligned} Var(\tilde{L}^{(1)}_A \tilde{L}^{(2)}_A)&= (\frac{1}{n_w-1})^4[ \sum _{i} Var(L^{(1)}_{A,i}L^{(2)}_{A,i}) + \sum _{i \ne j} Var(L^{(1)}_{A,i} L^{(2)}_{A,j})] \\&= \frac{1}{(n_w-1)^3} Var(L^{(1)}_{A} L^{(2)}_{A}) + \frac{n_w-2}{(n_w-1)^3} Var(L^{(1)}_A) Var(L^{(2)}_A). \end{aligned}$$

Combine together, we have

$$\begin{aligned}&Var [(L^{(1)}_A - \tilde{L}^{(1)}_A)(L^{(2)}_A - \tilde{L}^{(2)}_A)] \\&= Var(L^{(1)}_A L^{(2)}_A) + \frac{2}{n_w-1} Var(L^{(1)}_A) Var(L^{(2)}_A) + \frac{2}{n_w-1} E^2(L^{(1)}_{A}L^{(2)}_{A}) \\&\quad + \frac{n_w-2}{(n_w-1)^3} Var(L^{(1)}_A) Var(L^{(2)}_A) + \frac{1}{(n_w-1)^3} Var(L^{(1)}_{A} L^{(2)}_{A}) \\&= Var(L^{(1)}_A L^{(2)}_A) + \frac{2}{n_w} Var(L^{(1)}_A) Var(L^{(2)}_A) + \frac{2}{n_w} E^2(L^{(1)}_{A}L^{(2)}_{A}) + O(\frac{1}{n_w^2}) \end{aligned}$$

Hence the first term in \(Var(D^*)\) becomes

$$\begin{aligned}&(\frac{n_w-1}{n_w})^2 Var [(L^{(1)}_A - \tilde{L}^{(1)}_A)(L^{(2)}_A - \tilde{L}^{(2)}_A)]\nonumber \\ =&(\frac{n_w-1}{n_w})^2 Var(L^{(1)}_A L^{(2)}_A) + \frac{2}{n_w} Var(L^{(1)}_A) Var(L^{(2)}_A) + \frac{2}{n_w} E^2(L^{(1)}_{A}L^{(2)}_{A}) + O(\frac{1}{n_w^2})\nonumber \\ =&Var(L^{(1)}_A L^{(2)}_A) + \frac{2}{n_w} [Var(L^{(1)}_A) Var(L^{(2)}_A) + E^2(L^{(1)}_{A}L^{(2)}_{A}) - Var(L^{(1)}_A L^{(2)}_A)] + O(\frac{1}{n_w^2}). \end{aligned}$$

(18)

For further simplification, let \(\sigma _1^2\) and \(\sigma _2^2\) denote the variances of noises \(r^{(1)}\) and \(r^{(2)}\) in the second-order leakage model (6). Then \(Var(L^{(1)}_A)=\sigma _1^2+Var(V^{(1)})\), \(Var(L^{(2)}_A)=\sigma _2^2+Var(V^{(2)})\), \(E(L^{(1)}_{A}L^{(2)}_{A}) = E (V^{(1)}V^{(2)})\),

$$\begin{aligned}&E[(L^{(1)}_{A}L^{(2)}_{A})^2] = E[(V^{(1)}_A + r^{(1)}_A)^2(V^{(2)}_A + r^{(2)}_A)^2] \\ =&E[(V^{(1)}_A)^2 (V^{(2)}_A)^2 + (r^{(1)}_A)^2(V^{(2)}_A)^2 + (V^{(1)}_A)^2 (r^{(2)}_A)^2 + (r^{(1)}_A)^2(r^{(2)}_A)^2] + 0\\ =&E[(V^{(1)}_A)^2 (V^{(2)}_A)^2] + \sigma _1^2 Var(V^{(2)}_A) + \sigma _2^2 Var(V^{(1)}_A) + \sigma _1^2 \sigma _2^2. \end{aligned}$$

Hence

$$\begin{aligned} Var[L^{(1)}_{A}L^{(2)}_{A}] = Var(V^{(1)}_AV^{(2)}_A) + \sigma _1^2 Var(V^{(2)}_A) + \sigma _2^2 Var(V^{(1)}_A) + \sigma _1^2 \sigma _2^2. \end{aligned}$$

Combine the above five expressions,

$$\begin{aligned}&Var(L^{(1)}_A) Var(L^{(2)}_A) + E^2(L^{(1)}_{A}L^{(2)}_{A}) - Var(L^{(1)}_A L^{(2)}_A) \\ =&Var(V^{(1)})Var(V^{(2)})+E (V^{(1)}V^{(2)})-Var(V^{(1)}_AV^{(2)}_A) \end{aligned}$$

Combine this with (17) and (18) we have Eq. (15),

$$\begin{aligned}&Var(D^*) - [Var(L^{(1)}_A L^{(2)}_A) + Var(L^{(1)}_B L^{(2)}_B)] \\&= \frac{2}{n_w} [Var(V^{(1)}_A) Var(V^{(2)}_A) + E^2(V^{(1)}_{A}V^{(2)}_{A}) - Var(V^{(1)}_A V^{(2)}_A) \\&\quad + Var(V^{(1)}_B) Var(V^{(2)}_B) + E^2(V^{(1)}_B V^{(2)}_B) - Var(V^{(1)}_B V^{(2)}_B)] + O(\frac{1}{n_w^2}). \end{aligned}$$

B Derivation of Eq. (11)

As in the previous section, we let \(c^{(1)}=c^{(2)}=0\) without loss of generality, so that \(E(L^{(1)}_A)=E(L^{(2)}_A)=0\). Then

$$\begin{aligned} E[(L^{(1)}_A - b) (L^{(2)}_A -b)]&= E(L^{(1)}_A L^{(2)}_A) - b E(L^{(1)}_A ) -b E(L^{(2)}_A) + b^2 = E(L^{(1)}_A L^{(2)}_A) + b^2 \\&= E(L^{(1)}_A L^{(2)}_A) + b^2. \end{aligned}$$

Hence

$$\begin{aligned} E(\varDelta ^*_b)&=E[(L^{(1)}_A - b) (L^{(2)}_A -b)] - E[(L^{(1)}_B - b) (L^{(2)}_B -b)]&\nonumber \\&= E(L^{(1)}_A L^{(2)}_A) + b^2 - E(L^{(1)}_B L^{(2)}_B) - b^2&\nonumber \\&=E(L^{(1)}_A L^{(2)}_A) - E(L^{(1)}_B L^{(2)}_B) = E(\varDelta ). \end{aligned}$$

(19)

Next,

$$\begin{aligned}&Var[(L^{(1)}_A - b) (L^{(2)}_A -b)] \\ =&E[(L^{(1)}_A - b)^2 (L^{(2)}_A -b)^2] - [E(L^{(1)}_A L^{(2)}_A) + b^2]^2 \\ =&E[((L^{(1)}_A)^2 - 2bL^{(1)}_A +b^2) ((L^{(2)}_A)^2 - 2bL^{2)}_A +b^2)] - E[(L^{(1)}_A L^{(2)}_A)^2] - 2b E(L^{(1)}_A L^{(2)}_A) -\! b^4\\ =&Var(L^{(1)}_A L^{(2)}_A) -2b E[L^{(1)}_A L^{(2)}_A(L^{(1)}_A + L^{(2)}_A)] + b^2 E[(L^{(1)}_A)^2 + (L^{(2)}_A)^2 + 2L^{(1)}_A L^{(2)}_A)] \\ =&Var(L^{(1)}_A L^{(2)}_A) + b^2 [Var(L^{(1)}_A) + Var(L^{(2)}_A) + 2 E(L^{(1)}_A L^{(2)}_A)] + O(b). \end{aligned}$$

Hence we get the variance

$$\begin{aligned} Var(\varDelta ^*_b) =&Var(\varDelta ) + b^2 [Var(L^{(1)}_A) + Var(L^{(2)}_A) + 2 E(L^{(1)}_A L^{(2)}_A)\nonumber \\&\qquad + Var(L^{(1)}_B) + Var(L^{(2)}_B) + 2 E(L^{(1)}_B L^{(2)}_B)] + O(b). \end{aligned}$$

(20)