On the power of template attacks in highly multivariate context

When implemented in software (or hardware), a cryptographic protocol can leak sensitive information during its execution. Side-channel attacks can use those leakages to reveal information about the secret used by the algorithm. The side-channel leakage can be spread over many time samples, and measurement equipment can cope with the acquisition of multiple samples. From an adversarial point of view, it is therefore beneficial to attempt to make the most of highly multivariate traces. On the one hand, template attacks have been introduced to deal with multivariate leakages, with as few assumptions as possible on the leakage model. On the other hand, many works have underlined the need for dimensionality reduction. In this paper, we clarify the relationship between template attacks in full space and in linear subspaces, in terms of success rate. In particular, we exhibit a clear mathematical expression for template attacks, which enables an efficient computation even in large dimensions such as several hundred samples. It is noteworthy that both PoI-based and PCA-based template attacks can straightforwardly benefit from our approach. Furthermore, we extend the approach to masking-protected implementations. Our approach is validated on both simulated and real-world traces.
