
A fair evaluation framework for comparing side-channel distinguishers

Regular paper, Journal of Cryptographic Engineering

Abstract

The ability to make meaningful comparisons between side-channel distinguishers is important both to attackers seeking an optimal strategy and to designers wishing to secure a device against the strongest possible threat. The usual experimental approach requires the distinguishing vectors to be estimated: the outcomes do not fully represent the inherent theoretic capabilities of the distinguishers and do not provide a basis for conclusive, like-for-like comparisons. This is particularly problematic for mutual information-based side-channel analysis (MIA), which is notoriously sensitive to the choice of estimator. We propose an evaluation framework which captures those theoretic characteristics of attack distinguishers having the strongest bearing on an attacker's general ability to estimate with practical success, thus enabling like-for-like comparisons between different distinguishers in various leakage scenarios. We apply our framework to an evaluation of MIA relative to its more established correlation-based predecessor and to a proposed variant inspired by the Kolmogorov–Smirnov distance. Our analysis makes sense of the rift between the a priori reasoning in favour of MIA and the disappointing empirical findings of previous comparative studies, and moreover reveals several previously unreported features of the attack distinguishers in terms of their sensitivity to noise. It also explores, to our knowledge for the first time, the theoretic properties of near-generic power models previously proposed (and experimentally verified) for use in attacks targeting injective functions.
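The kind of estimator-free comparison the abstract argues for, as an added illustration written for this page (it is not the authors' code and does not reproduce their exact framework): each distinguisher is evaluated directly on the leakage model rather than on estimated traces, so the MIA values carry no density-estimator choice at all. Everything below beyond the three distinguisher names is an assumption: the 4-bit PRESENT S-box as the target, a Hamming-weight power model with additive Gaussian noise and uniform plaintexts, an "expected Kolmogorov–Smirnov distance" form for the KS-inspired distinguisher, and the nearest-rival relative margin as the like-for-like comparison metric. Integrals are taken by a plain Riemann sum on a fine grid so the script runs with the standard library only.

```python
"""Estimator-free ("theoretic") distinguishing vectors for CPA, MIA and a
KS-distance distinguisher against a 4-bit S-box.  Added illustration; not
the paper's code.  Assumptions (not from the page): PRESENT S-box target,
Hamming-weight model, L = HW(S[x ^ k*]) + N(0, sigma^2), uniform plaintexts,
expected-KS form of the KS distinguisher, nearest-rival relative margin."""
import math

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # PRESENT S-box (assumed target)
HW = [bin(s).count("1") for s in SBOX]            # Hamming weight of each S-box output
N = len(SBOX)                                     # 16 plaintexts, 16 key hypotheses


def predictions(k):
    """Power-model predictions V_k(x) = HW(S[x ^ k]) for every plaintext x."""
    return [HW[x ^ k] for x in range(N)]


def _phi(z):                      # standard normal pdf
    return math.exp(-0.5 * z * z) / math.sqrt(2.0 * math.pi)


def _Phi(z):                      # standard normal cdf
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def _grid(sigma):
    """Integration grid: 100 points per sigma, covering all means plus 8 sigma of tail."""
    step = sigma / 100.0
    lo, hi = min(HW) - 8.0 * sigma, max(HW) + 8.0 * sigma
    return [lo + i * step for i in range(int((hi - lo) / step) + 1)], step


def _mixture_pdf(means, sigma, grid):
    """pdf of an equal-weight Gaussian mixture with the given means, on the grid."""
    return [sum(_phi((l - m) / sigma) for m in means) / (len(means) * sigma)
            for l in grid]


def _entropy(pdf, step):
    """Differential entropy -int p ln p, as a Riemann sum over the grid."""
    return -sum(p * math.log(p) for p in pdf if p > 0.0) * step


def _groups(kstar, k):
    """For each value v predicted under hypothesis k, the true leakage means of
    the plaintexts that hypothesis k places in class v."""
    true, pred = predictions(kstar), predictions(k)
    return {v: [true[x] for x in range(N) if pred[x] == v] for v in set(pred)}


def cpa(kstar, sigma):
    """|corr(V_k(X), L)| for every k, computed exactly from the model."""
    true = predictions(kstar)
    mt = sum(true) / N
    var_true = sum((t - mt) ** 2 for t in true) / N
    out = []
    for k in range(N):
        pred = predictions(k)
        mp = sum(pred) / N
        cov = sum((p - mp) * (t - mt) for p, t in zip(pred, true)) / N
        var_pred = sum((p - mp) ** 2 for p in pred) / N
        out.append(abs(cov) / math.sqrt(var_pred * (var_true + sigma ** 2)))
    return out


def mia(kstar, sigma):
    """I(V_k(X); L) = h(L) - sum_v P(V_k = v) h(L | V_k = v) for every k."""
    grid, step = _grid(sigma)
    h_L = _entropy(_mixture_pdf(predictions(kstar), sigma, grid), step)
    out = []
    for k in range(N):
        h_cond = sum(len(m) / N * _entropy(_mixture_pdf(m, sigma, grid), step)
                     for m in _groups(kstar, k).values())
        out.append(h_L - h_cond)
    return out


def ks(kstar, sigma):
    """sum_v P(V_k = v) * sup_l |F_{L|V_k=v}(l) - F_L(l)| for every k (assumed form)."""
    grid, _ = _grid(sigma)
    true = predictions(kstar)
    F_L = [sum(_Phi((l - m) / sigma) for m in true) / N for l in grid]
    out = []
    for k in range(N):
        score = 0.0
        for m in _groups(kstar, k).values():
            F_v = [sum(_Phi((l - mu) / sigma) for mu in m) / len(m) for l in grid]
            score += len(m) / N * max(abs(a - b) for a, b in zip(F_v, F_L))
        out.append(score)
    return out


def relative_margin(vector, kstar):
    """Nearest-rival margin (D(k*) - max_{k != k*} D(k)) / D(k*); positive means
    the correct key is ranked first with that much headroom."""
    rival = max(d for k, d in enumerate(vector) if k != kstar)
    return (vector[kstar] - rival) / vector[kstar]


def compare(kstar=0x7, sigmas=(0.5, 1.0, 2.0)):
    """Relative margins of the three theoretic distinguishers per noise level."""
    return {s: {"CPA": relative_margin(cpa(kstar, s), kstar),
                "MIA": relative_margin(mia(kstar, s), kstar),
                "KS": relative_margin(ks(kstar, s), kstar)} for s in sigmas}


if __name__ == "__main__":
    for s, row in compare().items():
        print(f"sigma={s:<4}", "  ".join(f"{n}: {v:+.3f}" for n, v in row.items()))
```

Two things are worth noticing in the output. The CPA relative margin is identical at every noise level, because additive Gaussian noise scales every hypothesis' correlation by the same factor sqrt(Var(V)/(Var(V)+sigma^2)), so the ranking and the relative gap cannot change; the MIA and KS margins do move with sigma, which is exactly the noise sensitivity a theoretic comparison can expose. Under this leakage model the correct key is guaranteed to score highest for all three (by the data-processing inequality for MIA, and by convexity of the supremum for the KS form used here), so any ranking failure seen in a trace-based attack must come from the estimator and the sample size, not from the distinguisher's theoretic capability.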




Corresponding author

Correspondence to Carolyn Whitnall.



Cite this article

Whitnall, C., Oswald, E. A fair evaluation framework for comparing side-channel distinguishers. J Cryptogr Eng 1, 145–160 (2011). https://doi.org/10.1007/s13389-011-0011-1

