A Theoretical Study of Kolmogorov-Smirnov Distinguishers: Side-Channel Analysis vs. Differential Cryptanalysis

In this paper, we carry out a detailed mathematical study of two theoretical distinguishers based on the Kolmogorov-Smirnov (KS) distance. This includes a proof of soundness and the derivation of closed-form expressions, which can be split into two factors: one depending only on the noise and the other on the confusion coefficient of Fei, Luo and Ding. This allows one to have a deeper understanding of the relative influences of the signal-to-noise ratio and the confusion coefficient on the distinguisher’s performance. Moreover, one is able to directly compare distinguishers based on their closed-form expressions instead of using evaluation metric that might obscure the actual performance and favor one distinguisher over the other. Furthermore, we formalize the link between the confusion coefficient and differential cryptanalysis, which shows that the stronger an S-box is resistant to differential attacks the weaker it is against side-channel attacks, and vice versa.

[1]  Ernest F. Brickell,et al.  Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[2]  AN Kolmogorov-Smirnov,et al.  Sulla determinazione empírica di uma legge di distribuzione , 1933 .

[3]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[4]  Serge Vaudenay,et al.  Links Between Differential and Linear Cryptanalysis , 1994, EUROCRYPT.

[5]  Sylvain Guilley,et al.  Differential Power Analysis Model and Some Results , 2004, CARDIS.

[6]  Elisabeth Oswald,et al.  An Exploration of the Kolmogorov-Smirnov Test as a Competitor to Mutual Information Analysis , 2011, CARDIS.

[7]  Debdeep Mukhopadhyay,et al.  Constrained Search for a Class of Good Bijective $S$-Boxes With Improved DPA Resistivity , 2013, IEEE Transactions on Information Forensics and Security.

[8]  Sylvain Guilley,et al.  Comparison between Side-Channel Analysis Distinguishers , 2012, ICICS.

[9]  Dominique De Werra Boolean Models and Methods in Mathematics, Computer Science, and Engineering , 2010, Boolean Models and Methods.

[10]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[11]  Kostas Papagiannopoulos,et al.  Optimality and beyond: The case of 4×4 S-boxes , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[12]  Jianying Zhou,et al.  Information and Communications Security , 2013, Lecture Notes in Computer Science.

[13]  Peter L. Hammer,et al.  Boolean Models and Methods in Mathematics, Computer Science, and Engineering , 2010, Boolean Models and Methods.

[14]  Ramarathnam Venkatesan,et al.  Progress in Cryptology - INDOCRYPT 2005, 6th International Conference on Cryptology in India, Bangalore, India, December 10-12, 2005, Proceedings , 2005, INDOCRYPT.

[15]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[16]  Claude Carlet,et al.  PICARO - A Block Cipher Allowing Efficient Higher-Order Side-Channel Resistance , 2012, ACNS.

[17]  Adrian Thillard,et al.  Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack , 2013, CHES.

[18]  François-Xavier Standaert,et al.  Mutual Information Analysis: How, When and Why? , 2009, CHES.

[19]  Elisabeth Oswald,et al.  The Myth of Generic DPA...and the Magic of Learning , 2014, CT-RSA.

[20]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[21]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[22]  Emmanuel Prouff,et al.  Theoretical and practical aspects of mutual information-based side channel analysis , 2010, Int. J. Appl. Cryptogr..

[23]  Elisabeth Oswald,et al.  A fair evaluation framework for comparing side-channel distinguishers , 2011, Journal of Cryptographic Engineering.

[24]  Emmanuel Prouff,et al.  DPA Attacks and S-Boxes , 2005, FSE.

[25]  François-Xavier Standaert,et al.  Improving the Rules of the DPA Contest , 2008, IACR Cryptol. ePrint Arch..

[26]  Anne Canteaut,et al.  Differential properties of power functions , 2010, 2010 IEEE International Symposium on Information Theory.

[27]  Patrick Schaumont,et al.  Cryptographic Hardware and Embedded Systems – CHES 2012 , 2012, Lecture Notes in Computer Science.

[28]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[29]  François-Xavier Standaert,et al.  Univariate side channel attacks and leakage modeling , 2011, Journal of Cryptographic Engineering.

[30]  A. Adam Ding,et al.  A Statistical Model for DPA with Novel Algorithmic Confusion Analysis , 2012, CHES.

[31]  Claude Carlet,et al.  Vectorial Boolean Functions for Cryptography , 2006 .

[32]  Christof Paar,et al.  A Comparative Study of Mutual Information Analysis under a Gaussian Assumption , 2009, WISA.

[33]  Matthieu Rivain,et al.  On the Exact Success Rate of Side Channel Analysis in the Gaussian Model , 2009, Selected Areas in Cryptography.

[34]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[35]  Claude Carlet,et al.  On Highly Nonlinear S-Boxes and Their Inability to Thwart DPA Attacks , 2005, INDOCRYPT.

[36]  Anas Abou El Kalam,et al.  Smart Card Research and Advanced Applications VI , 2013, IFIP International Federation for Information Processing.

[37]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[38]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[39]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[40]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[41]  N. Smirnov Table for Estimating the Goodness of Fit of Empirical Distributions , 1948 .

[42]  Hui Zhao,et al.  Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers , 2013, ISPEC.

[43]  Elisabeth Oswald,et al.  Profiling DPA: Efficacy and Efficiency Trade-Offs , 2013, CHES.