Abstract
Evaluating side-channel attacks and countermeasures requires determining the amount of information leaked by a target device. For this purpose, information extraction procedures published so far essentially combine a “leakage model” with a “distinguisher”. Fair evaluations ideally require exploiting a perfect leakage model (i.e., exactly corresponding to the true leakage distribution) with a Bayesian distinguisher. But since such perfect models are generally unknown, density estimation techniques have to be used to approximate the leakage distribution. This raises the fundamental problem that all security evaluations are potentially biased by both estimation and assumption errors. Hence, the best that we can hope for is to be aware of these errors. In this paper, we provide and implement methodological tools to solve this issue. Namely, we show how sound statistical techniques allow both quantifying the leakage of a chip, and certifying that the amount of information extracted is close to the maximum value that would be obtained with a perfect model.
Copyright information
© 2014 International Association for Cryptologic Research
About this paper
Cite this paper
Durvaux, F., Standaert, FX., Veyrat-Charvillon, N. (2014). How to Certify the Leakage of a Chip?. In: Nguyen, P.Q., Oswald, E. (eds) Advances in Cryptology – EUROCRYPT 2014. EUROCRYPT 2014. Lecture Notes in Computer Science, vol 8441. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55220-5_26
DOI: https://doi.org/10.1007/978-3-642-55220-5_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55219-9
Online ISBN: 978-3-642-55220-5
eBook Packages: Computer Science (R0)