Analysis of Nonparametric Estimation Methods
for Mutual Information Analysis
Alexandre Venelli 1,2
1 IML - ERISCS Université de la Méditerranée,
Case 907, 163 Avenue de Luminy
13288 Marseille Cedex 09, France
2 Vault-IC France, an INSIDE Contactless Company
Avenue de la Victoire, Z.I. Rousset,
13790 Rousset, France
avenelli@insidefr.com
Abstract. Mutual Information Analysis (MIA) is a side-channel attack
introduced recently. It uses mutual information, a known information
theory notion, as a side-channel distinguisher. Most previous attacks use
parametric statistical tests and the attacker assumes that the
distribution family of the targeted side-channel leakage information is
known. On the contrary, MIA is a generic attack that assumes the least
possible about the underlying hardware specifications. For example, an
attacker should not have to guess a linear power model and combine it
with a parametric test, like the Pearson correlation factor. Mutual
information is considered to be very powerful; however, it is difficult
to estimate. Results of MIA can therefore be unreliable and even biased.
Several efficient parametric estimators of mutual information are
proposed in the literature. They are obviously very efficient when the
distribution is correctly guessed. However, we lose the original goal of
MIA, which is to assume the least possible about the attacked devices.
Hence, nonparametric estimators of mutual information should be
considered in more detail and, in particular, their efficiency in the
side-channel context. We review some of the most powerful nonparametric
methods and compare their performance with state-of-the-art side-channel
distinguishers.
Keywords: Side-channel analysis, mutual information analysis, entropy
estimation, nonparametric statistics.
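
The abstract's remark that mutual information is difficult to estimate and that results can be biased can be seen with the plug-in histogram estimator. The following is an added example, not code from the paper: the estimator choice, the Miller-Madow correction, the function names and the simulated samples are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

def bin_index(v, lo, hi, bins):
    """Equal-width bin of v over [lo, hi]; the maximum falls in the last bin."""
    return min(int((v - lo) / (hi - lo) * bins), bins - 1)

def entropy_bits(counts, n):
    """Plug-in entropy (bits) of an empirical distribution given cell counts."""
    return -sum(c / n * math.log2(c / n) for c in counts)

def histogram_mi(xs, leak, bins, miller_madow=False):
    """Histogram estimate of I(X;L) in bits; xs discrete, leak real-valued."""
    n, lo, hi = len(xs), min(leak), max(leak)
    ls = [bin_index(v, lo, hi, bins) for v in leak]
    cx, cl, cxl = Counter(xs), Counter(ls), Counter(zip(xs, ls))
    mi = (entropy_bits(cx.values(), n) + entropy_bits(cl.values(), n)
          - entropy_bits(cxl.values(), n))
    if miller_madow:
        # Each entropy is corrected by (occupied cells - 1) / (2n) nats.
        mi += (len(cx) + len(cl) - len(cxl) - 1) / (2 * n * math.log(2))
    return mi

def constructed_samples(n, dependent, seed=1):
    """Constructed data: x is a 2-bit value, leak is x plus Gaussian noise,
    or pure noise when dependent is False (true mutual information is 0)."""
    rng = random.Random(seed)
    xs = [rng.randrange(4) for _ in range(n)]
    leak = [(x if dependent else 0) + rng.gauss(0, 0.5) for x in xs]
    return xs, leak

if __name__ == "__main__":
    for dep in (False, True):
        xs, leak = constructed_samples(500, dep)
        for b in (8, 32, 128):
            # Columns: dependent?, bins, plug-in estimate, corrected estimate.
            print(dep, b, round(histogram_mi(xs, leak, b), 3),
                  round(histogram_mi(xs, leak, b, True), 3))
```

On the independent samples the true value is 0, yet the plug-in estimate is positive and grows as the bins get finer, so the bin count alone can move the result.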
1 Introduction
Side-channel analysis is a technique that uses information leaked by a physical
implementation of cryptographic algorithms. The concept of using side-channel
information to break a cryptosystem was introduced by Kocher [12]. In his paper,
Kocher analyses differences in the computation time of certain cryptographic
operations that depend on a secret. On embedded devices, monitoring the power
consumption or recording the electromagnetic radiations is easy to realize and
is very revealing of the computations executed by the system. Statistical tests
 