Cryptography Reference
In-Depth Information
algorithm. Suppose an attacker wants to target an intermediate value computed
with the function
F
that takes as parameters
X
and
K
.Let
L
be a random
variable representing the side-channel leakage generated by the computation of
F
(
X, K
). In practice, the attacker is only able to obtain
N
realizations of the
random variable
L
,noted
V
L
=(
l
1
,...,l
N
), as he inputs
N
different values of
X
,
noted
V
X
=(
x
1
,...,x
N
). Using a distinguisher function
D
, he combines these
two vectors plus an hypothesis on the value of the secret
k
. If the distinguisher
D
is relevant and if the leakage vector
V
L
brings enough information on
F
(
X, K
),
then the correct value
k
taken by
K
can be recovered. In the literature, some
worked on creating a model for
F
(
X, K
). For example, taking the Hamming
weight of the output of
F
[18], the Hamming distance [4] or simply its value [8]
was considered. Other researches were conducted on the distinguisher function
D
that plays a fundamental role in the attack. Depending on the choice, the
function is able to extract more or less information from the side-channel leak-
ages. We briefly review in the following the statistical tests used as function
D
proposed in the literature.
3.2
Difference of Means
Kocher et al. [13] proposed the concept of differential side-channel attack in
1999. In their original paper, the authors use a Difference of Means (DoM) as
distinguisher function. It is in fact a simplified student T-test, a well-known
statistical test. For simplicity reasons, we suppose the function
F
(
X, K
)only
outputs the least significant bit of the result. Let
k
be an hypothesis on the
secret. The attacker can form two sets:
F
(
x
j
,k
)=0
F
(
x
j
,k
)=1
G
0
=
{
L
|
}
and
G
1
=
{
L
|
}
.
Finally, he computes the difference of means between the two partitions as:
l∈G
0
l
|
l∈G
1
l
|
Δ
k
=
−
.
G
0
|
G
1
|
If the attacker detects a significant difference between the two sets, he can sup-
pose that the hypothesis
k
is correct.
3.3
Pearson Correlation Factor
Introduced by Brier et al. [4] in the context of side-channel analysis, the Pearson
correlation factor, also called Pearson rho or product-moment correlation, mea-
sures linear dependencies between two variables
X
and
L
. The authors called
the attack Correlation Power Analysis (CPA). In practice, if the attacker is only
able to obtain
N
realizations of the leakage function, then the formula is:
N
i
l
i
F
(
x
i
,k
)
(
i
l
i
i
F
(
x
i
,k
))
−
N
i
l
i
−
(
i
l
i
)
2
N
i
F
(
x
i
,k
)
2
ρ
k
(
X, L
)=
(
i
F
(
x
i
,k
))
2
.
−
Search WWH ::
Custom Search