Revealing the secrets of success: Theoretical efficiency of side-channel distinguishers

SLIDE 1

INSTITUT MINES-TÉLÉCOM

Revealing the secrets of success

Theoretical efficiency of side-channel distinguishers

Annelie Heuser, Sylvain Guilley, Olivier Rioul

SLIDE 2

REVEALING THE SECRETS OF SUCCESS, A. HEUSER, S. GUILLEY, O. RIOUL

Outline

  • Motivation
  • State of the art
  • New metric: success metric (SM)
  • Empirical evaluation
  • Closed-form expression of SM
  • Outlook

SLIDE 3

Problem Statement

How to compare side-channel distinguishers?

  • Interclass Information Analysis
  • Kolmogorov-Smirnov Analysis
  • Linear Regression
  • Linear Correlation Analysis
  • Difference of Means
  • Mutual Information Analysis

Empirically
  • Real measurements (portable?)
  • Simulations (model suitable?)

Theoretically
  • Is this realistic?

SLIDE 4

State of the Art

Empirical Criteria

[Standaert+09] Unified framework for the analysis of side-channel key recovery attacks

  • Estimated success rate (o-th order)
  • Estimated guessing entropy

SLIDE 5

State of the Art

Theoretical Criteria

[WhitnallOswald11] A fair evaluation framework for comparing side-channel distinguishers

  • Theoretical evaluation criteria (e.g., nearest distinguishing margin)
  • Distinguisher is provided with full information about the leakage
  • New insights in the theoretical behavior

SLIDE 6

State of the Art

[Fei+12] Algorithmic confusion analysis for DPA

  • Closed-form expression of one-bit DPA for the success rate using a multivariate normal CDF

Algorithmic confusion coefficient, signal-to-noise ratio, number of traces

SLIDE 7

State of the Art

Empirical Criteria
  • displays the practical outcome
  • ad-hoc computation

Theoretical Criteria
  • displays the theoretical distinguishability
  • equivalent to the practical outcome?

New metric
  • coincides with the empirical success rate
  • more insights on parameters

Closed-form expression
  • reflects relevant parameters
  • only DPA; multivariate CDF estimation
  • “simple” closed-form expression for any additive distinguisher

SLIDE 8

Notation

Side-channel Model

  • measured leakage with
  • RV modeling the key
  • secret key on the device
  • sensitive variable depending on the key
  • sensitive variable - correct key guess

SLIDE 9

Notation

Distinguisher

distinguisher difference estimated difference

SLIDE 10

Notation

Statistical parameters from Estimation Theory

  • Estimation Bias
  • Estimation Variance

such that the mean-squared error of the estimation is given by

SLIDE 11

Success Metric

To derive our new metric we start with the theoretical success rate:

Failure rate

SLIDE 12

Success Metric

Approximate the failure rate:

  • 1. Union bound

Failure rate

Normal approximation

Chebyshev/Chernoff bound

SLIDE 13

Success Metric

  • 2. Normal Approximation

Assumption

exponentially for large m

SLIDE 14

Success Metric

  • 3. First order approximation

Since we achieved exponential convergence

FR = 1 - SR

Relation to failure rate

Normal approximation

SLIDE 15

Success Metric

Derived from the theoretical success rate through approximations, we define the success metric as

Roughly speaking

SLIDE 16

Empirical Evaluation

Setup

  • is the first DES Sbox
  • in each setting we conducted 300 experiments

Distinguisher

  • Correlation Power Analysis (CPA)
  • Mutual Information Analysis (MIA)
      • Histograms
      • Parzen window
  • Kolmogorov-Smirnov Analysis (KSA)

SLIDE 17

Empirical Evaluation

Noise level = 4

SR and SM coincide

SLIDE 18

Empirical Evaluation

Theoretical Criteria

Relative Distinguishing Margin [WhitnallOswald11]

does not depend on

  • number of traces
  • estimation method

SLIDE 19

Empirical Evaluation

Using 50 traces

Using 500 traces

SM depends on the number of traces

SLIDE 20

Empirical Evaluation

Using 500 traces

SLIDE 21

Success Metric

Closed-form expressions for additive distinguisher

SLIDE 22

Generalized Confusion Coefficient

We assume that the sensitive variable is normalized

One-bit models

= =

[Fei+12]

  • only valid for one-bit models

SLIDE 23

Closed-form Expression

CPA

one-bit DPA

SLIDE 24

Conclusion & Future Work

Conclusion

  • Introduced the success metric that is derived from the theoretical success rate
  • Success metric coincides with the empirical success rate
  • We are able to make predictions about crossings that are not visible in the SR
  • Extended the idea of confusion
  • Derived a closed-form expression for the success metric that is easier to compute

Future Work

  • Explain the ranking of various distinguishers
  • Determine the influence of the leakage model
      • Sbox
      • Mask
      • nonlinear relationship between X and Y*
  • Determine the influence of the estimation

SLIDE 25

Questions?