Optimal side-channel attacks for multivariate leakages and multiple models

Side-channel attacks make it possible to extract secret keys from embedded systems such as smartcards or smartphones. In practice, the side-channel signal is measured as a trace consisting of several samples. In addition, several sensitive bits are manipulated in parallel, each leaking differently. An informed attacker therefore needs side-channel distinguishers that can handle both multivariate leakages and multiple models. In the state of the art, these two issues have two independent solutions: on the one hand, dimensionality reduction can cope with multivariate leakage; on the other hand, the online stochastic approach can cope with multiple models. In this paper, we combine both solutions to derive closed-form expressions of the resulting optimal distinguisher in terms of matrix operations, in all situations where the model can be either profiled offline or regressed online. Optimality here means that the success rate is maximized for a given number of traces. We recover known results for uni- and bivariate models (including correlation power analysis) and investigate novel distinguishers for multiple models with more than two parameters. In addition, following ideas from the AsiaCrypt’2013 paper “Behind the Scene of Side-Channel Attacks,” we provide fast computation algorithms in which the traces are accumulated prior to computing the distinguisher values.

[1] Christof Paar, et al. Templates vs. Stochastic Methods, 2006, CHES.

[2] Christof Paar, et al. A Stochastic Model for Differential Side Channel Cryptanalysis, 2005, CHES.

[3] François-Xavier Standaert, et al. An optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks, 2012, IACR Cryptol. ePrint Arch.

[4] Elisabeth Oswald, et al. Multi-target DPA Attacks: Pushing DPA Beyond the Limits of a Desktop Computer, 2014, ASIACRYPT.

[5] François-Xavier Standaert, et al. Univariate Side Channel Attacks and Leakage Modeling – Extended Version –, 2011.

[6] P. Mahalanobis. On the generalized distance in statistics, 1936.

[7] Takeshi Sugawara, et al. Profiling attack using multivariate regression analysis, 2010, IEICE Electron. Express.

[8] François-Xavier Standaert, et al. Soft Analytical Side-Channel Attacks, 2014, ASIACRYPT.

[9] Sylvain Guilley, et al. Good is Not Good Enough: Deriving Optimal Distinguishers from Communication Theory, 2014, IACR Cryptol. ePrint Arch.

[10] Emmanuel Prouff, et al. A New Second-Order Side Channel Attack Based on Linear Regression, 2013, IEEE Transactions on Computers.

[11] Pankaj Rohatgi, et al. Template Attacks, 2002, CHES.

[12] Sylvain Guilley, et al. Less is More - Dimensionality Reduction from a Theoretical Perspective, 2015, CHES.

[13] Romain Poussier, et al. Simpler and More Efficient Rank Estimation for Side-Channel Security Assessment, 2015, FSE.

[14] Emmanuel Prouff, et al. Behind the Scene of Side Channel Attacks, 2013, ASIACRYPT.

[15] Christophe Clavier, et al. Correlation Power Analysis with a Leakage Model, 2004, CHES.

[16] Sylvain Guilley, et al. Boosting Higher-Order Correlation Attacks by Dimensionality Reduction, 2014, SPACE.

[17] Markus G. Kuhn, et al. Efficient Template Attacks, 2013, CARDIS.