Abstract
The ability to make meaningful comparisons between side-channel distinguishers is important both to attackers seeking an optimal strategy and to designers wishing to secure a device against the strongest possible threat. The usual experimental approach requires the distinguishing vectors to be estimated: outcomes do not fully represent the inherent theoretic capabilities of distinguishers and do not provide a basis for conclusive, like-for-like comparisons. This is particularly problematic in the case of mutual information-based side channel analysis (MIA) which is notoriously sensitive to the choice of estimator. We propose an evaluation framework which captures those theoretic characteristics of attack distinguishers having the strongest bearing on an attacker’s general ability to estimate with practical success, thus enabling like-for-like comparisons between different distinguishers in various leakage scenarios. We apply our framework to an evaluation of MIA relative to its rather more well-established correlation-based predecessor and a proposed variant inspired by the Kolmogorov–Smirnov distance. Our analysis makes sense of the rift between the a priori reasoning in favour of MIA and the disappointing empirical findings of previous comparative studies and moreover reveals several unprecedented features of the attack distinguishers in terms of their sensitivity to noise. It also explores—to our knowledge, for the first time—theoretic properties of near-generic power models previously proposed (and experimentally verified) for use in attacks targeting injective functions.
Similar content being viewed by others
References
Akkar, M., Bevan, R., Dischamp, P., Moyart, D.: Power analysis, what is now possible. In: Okamoto, T. (ed.) Advances in Cryptology, Proceedings of ASIACRYPT 2000, LNCS, pp. 489–502 (2000)
Aumonier, S.: Generalized correlation power analysis. In: Proceedings of the Ecrypt Workshop Tools For Cryptanalysis (2007)
Batina L., Gierlichs B., Prouff E., Rivain M., Standaert F.X., Veyrat-Charvillon N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24, 269–291 (2011)
Benzi R., Parisi G., Sutera A., Vulpiani A.: Stochastic resonance in climatic change. Tellus 34(1), 10–16 (1982)
Bonachela, J., Hinrichsen, H., Munoz, M.: Entropy estimates of small data sets. J. Phys. A Math. Theor. 41(20), (2008)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.J. (eds.) Proceedings of CHES 2004, LNCS, vol. 3156, pp. 135–152. Springer, Berlin (2004)
Chari, S., Rao, J., Rohatgi, P.: Template attacks. In: Kaliski, B., Koç, Ç., Paar, C. (eds.) Proceedings of CHES 2002, LNCS, vol. 2523, pp. 51–62. Springer, Berlin (2003)
Doget, J., Prouff, E., Rivain, M., Standaert, F.X.: Univariate side channel attacks and leakage modeling. In: Proceedings of COSADE 2011, pp. 1–15 (2011)
Fasano G., Franceschini A.: A multidimensional version of the Kolmogorov–Smirnov test. Mon. Notices R. Astron. Soc. 225, 155–170 (1987)
Gierlichs, B., Batina, L., Preneel, B., Verbauwhede, I.: Revisiting higher-order DPA attacks: multivariate mutual information analysis. In: Pieprzyk, J. (ed.) Topics in Cryptology—CT-RSA 2010, LNCS, vol. 5985, pp. 221–234. Springer, San Francisco (2010)
Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis: a generic side-channel distinguisher. In: Oswald, E., Rohatgi, P. (eds.) Proceedings of CHES 2008, LNCS, vol. 5154, pp. 426–442. Springer, Berlin (2008)
Guilley, S., Hoogvorst, P., Pacalet, R.: Differential power analysis model and some results. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A. (eds.) Smart Card Research and Advanced Applications VI, IFIP, vol. 153, pp. 127–142. Springer, Boston (2004)
Hutter, M.: Distribution of Mutual Information. In: Dietterich, T.G., Becker, S., Ghahramani, Z. (eds.) Advances in Neural Information Processing Systems, vol. 14, pp. 399–406. MIT Press, Cambridge (2002)
Kraemer, H.C., Thiemann, S.: How Many Subjects?: Statistical Power Analysis in Research, 1st edn. Sage Publications, Inc (1987)
Madiman, M.: On the entropy of sums. In: 2008 IEEE Information Theory Workshop (2008)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Berlin (2007)
Mangard S., Oswald E., Standaert F.X.: One for all–all for one: unifying standard DPA attacks. IET Inf. Secur. 5(2), 100–110 (2011)
Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) Proceedings of CHES 2005, LNCS, vol. 3659, pp. 157–171. Springer, Berlin (2005)
Mather, L.: The Multivariate Kolmogorov–Smirnov test in differential power analysis attacks. Master’s thesis, Department of Computer Science, University of Bristol (2010)
Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç, Paar, C. (eds.) Proceedings of CHES 2000, LNCS, vol. 1965, pp. 27–78. Springer, Berlin (2000)
Micali S., Reyzin L.: Physically observable cryptography. In: Naor, M. (ed.) Theory of Cryptography, LNCS, vol. 2951, pp. 278–296. Springer, Berlin (2004)
Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a gaussian assumption. In: Youm, H., Yung, M. (eds.) Information Security Applications, LNCS, vol. 5932, pp. 193–205. Springer, Berlin (2009)
Paninski L.: Estimation of entropy and mutual information. Neural Comput. 15(6), 1191–1253 (2003)
Peacock J.: Two-dimensional goodness-of-fit testing in astronomy. Mon. Notices R. Astron. Soc. 202, 615–627 (1983)
Prouff, E.: DPA attacks and S-Boxes. In: Gilbert, H., Handschuh, H. (eds.) Fast Software Encryption, LNCS, vol. 3557, pp. 424–441. Springer, Berlin (2005)
Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: Abdalla, M., Pointcheval, D., Fouque, P.A., Vergnaud, D. (eds.) ACNS, LNCS, vol. 5536, pp. 499–518. Springer, Berlin (2009)
Prouff E., Rivain M., Bevan R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009). doi:10.1109/TC.2009.15
Rechberger, C., Oswald, E.: Practical template attacks. In: WISA, LNCS, vol. 3325, pp. 440–456 (2004)
Renauld, M., Standaert, F.X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G. (ed.) Proceedings of EUROCRYPT 2011, LNCS, vol. 6632, pp. 109–128. Springer, Berlin (2011)
Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J., Sunar, B. (eds.) Proceedings of CHES 2005, LNCS, vol. 3659, pp. 30–46. Springer, Berlin (2005)
Shiga, M., Yokota, Y.: An optimal entropy estimator for discrete random variables. In: Proceedings of the International Joint Conference on Neural Networks, IEEE International Joint Conference on Neural Networks (IJCNN), pp. 1280–1285. IEEE, New York (2005)
Standaert, F.X., Gierlichs, B., Verbauwhede, I.: Partition vs. comparison side-channel distinguishers: an empirical evaluation of statistical tests for univariate side-channel attacks against two unprotected CMOS devices. In: Lee, P., Cheon, J. (eds.) ICISC 2008, LNCS, vol. 5461, pp. 253–267. Springer, Berlin (2009)
Standaert, F.X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) Advances in Cryptology, Proceedings of EUROCRYPT 2009, LNCS, vol. 5479, pp. 443–461. Springer, Berlin (2009)
Treves A., Panzeri S.: The upward bias in measures on information derived from limited data samples. Neural Comput. 7(2), 399–407 (1995)
Veyrat-Charvillon, N., Standaert, F.X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) Proceedings of CHES 2009, LNCS, vol. 5747, pp. 429–443. Springer, Berlin (2009)
Whitnall, C., Oswald, E.: A comprehensive evaluation of mutual information analysis using a fair evaluation framework. In: Proceedings of CRYPTO 2011. Springer, Berlin (2011)
Whitnall, C., Oswald, E., Mather, L.: An exploration of the Kolmogorov–Smirnov test as a competitor to mutual information analysis. CARDIS (to appear, 2011). Prelimary version available from the Cryptology ePrint Archive, Report 2011/380 (2011). http://eprint.iacr.org/2011/380
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Whitnall, C., Oswald, E. A fair evaluation framework for comparing side-channel distinguishers. J Cryptogr Eng 1, 145–160 (2011). https://doi.org/10.1007/s13389-011-0011-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-011-0011-1