{"title":"基于互信息的侧信道分析的理论和实践方面","authors":"E. Prouff, Matthieu Rivain","doi":"10.1504/IJACT.2010.038306","DOIUrl":null,"url":null,"abstract":"A large variety of side channel analyses performed on embedded devices involve the linear correlation coefficient as wrong-key distinguisher. This coefficient is actually a sound statistical tool to quantify linear dependencies between univariate variables. At CHES 2008, Gierlichs et al. proposed to use the mutual information measure as an alternative to the correlation coefficient since it detects any kind of statistical dependency. Substituting it for the correlation coefficient may indeed be considered as a natural extension of the existing attacks. Nevertheless, the first published applications have raised several open issues. In this paper, we conduct a theoretical analysis of MIA in the Gaussian leakage model to explore the reasons why and when it is a sound key recovery attack. Also, we generalise MIA to higher-orders (i.e., against masked implementations). Secondly, we address the main practical issue of MIA: the mutual information estimation which itself relies on the estimation of statistical distributions. We describe three classical estimation methods and we apply them in the context of MIA. Eventually, we present various attack simulations and practical attack experiments that allow us to check the efficiency of MIA in practice and to compare it to classical correlation-based attacks.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"105","resultStr":"{\"title\":\"Theoretical and practical aspects of mutual information-based side channel analysis\",\"authors\":\"E. Prouff, Matthieu Rivain\",\"doi\":\"10.1504/IJACT.2010.038306\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A large variety of side channel analyses performed on embedded devices involve the linear correlation coefficient as wrong-key distinguisher. This coefficient is actually a sound statistical tool to quantify linear dependencies between univariate variables. At CHES 2008, Gierlichs et al. proposed to use the mutual information measure as an alternative to the correlation coefficient since it detects any kind of statistical dependency. Substituting it for the correlation coefficient may indeed be considered as a natural extension of the existing attacks. Nevertheless, the first published applications have raised several open issues. In this paper, we conduct a theoretical analysis of MIA in the Gaussian leakage model to explore the reasons why and when it is a sound key recovery attack. Also, we generalise MIA to higher-orders (i.e., against masked implementations). Secondly, we address the main practical issue of MIA: the mutual information estimation which itself relies on the estimation of statistical distributions. We describe three classical estimation methods and we apply them in the context of MIA. Eventually, we present various attack simulations and practical attack experiments that allow us to check the efficiency of MIA in practice and to compare it to classical correlation-based attacks.\",\"PeriodicalId\":350332,\"journal\":{\"name\":\"Int. J. Appl. Cryptogr.\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"105\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Appl. Cryptogr.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJACT.2010.038306\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Appl. Cryptogr.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJACT.2010.038306","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Theoretical and practical aspects of mutual information-based side channel analysis
A large variety of side channel analyses performed on embedded devices involve the linear correlation coefficient as wrong-key distinguisher. This coefficient is actually a sound statistical tool to quantify linear dependencies between univariate variables. At CHES 2008, Gierlichs et al. proposed to use the mutual information measure as an alternative to the correlation coefficient since it detects any kind of statistical dependency. Substituting it for the correlation coefficient may indeed be considered as a natural extension of the existing attacks. Nevertheless, the first published applications have raised several open issues. In this paper, we conduct a theoretical analysis of MIA in the Gaussian leakage model to explore the reasons why and when it is a sound key recovery attack. Also, we generalise MIA to higher-orders (i.e., against masked implementations). Secondly, we address the main practical issue of MIA: the mutual information estimation which itself relies on the estimation of statistical distributions. We describe three classical estimation methods and we apply them in the context of MIA. Eventually, we present various attack simulations and practical attack experiments that allow us to check the efficiency of MIA in practice and to compare it to classical correlation-based attacks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
