Univariate side channel attacks and leakage modeling

Differential power analysis is a powerful cryptanalytic technique that exploits information leaking from physical implementations of cryptographic algorithms. During the last two decades, numerous variations of the original principle have been published. In particular, the univariate case, where a single instantaneous leakage is exploited, has attracted much research effort. In this paper, we argue that several of the univariate attacks most frequently used by the community are not only asymptotically equivalent, but can also be rewritten in terms of one another, only by changing the leakage model used by the adversary. In particular, we prove that most univariate attacks proposed in the literature can be expressed as correlation power analyses with different leakage models. This result emphasizes the major role played by the choice of model in the attack's efficiency. In the second part of this paper, we therefore also discuss and evaluate side channel attacks that involve no leakage model but rely on some general assumptions about the leakage. Our experiments show that such attacks, called robust, are a valuable alternative to univariate differential power analyses. They lose only a little efficiency when a perfect model is available to the adversary, and gain a lot when such information is not available.
