Cryptography Reference
In-Depth Information
multiplicand known by the attacker. As with the previous setup, we do not
consider a power model for the attacks using mutual information with nonpara-
metric estimation. The other attacks assume the Hamming weight model. Each
attack is performed on 20 sets of 2000 power curves. We obtain a slightly differ-
ent performance from several attacks (Fig. 2). As previously, the most powerful
attacks are still CE, CPA and SPE. However BSE seems to perform much better
and is at the same level as CVM, DCA and KDE. The estimators BSE and KDE
are the most ecient nonparametric methods but BSE is more computationally
ecient than KDE, hence an more interesting choice.
120
CPA
CVM
GMIA
KDE
KNN
HE
BSE
CE
SPE
DCA
100
80
60
40
20
0
0
200
400
600
800
1000 1200 1400 1600 1800 2000
Number of curves
Fig. 2.
Guessed entropy results on STK600 curves of a multi-precision multiplication
With this overall comparison of state-of-the-art side-channel distinguishers,
we can note differences between classical statistical tests performance and their
eciency in the side-channel context. For example, the KNN estimator should
be less subject to statistical errors than BSE or KDE. However it performs
worse in this scenario. Classical parametric tests are still amongst the most
powerful in most cases. In particular the recently presented Cumulant-based Es-
timator [16], a parametric estimator of mutual information, is very interesting.
These experimental analysis also show the gain obtained when using ecient
nonparametric estimators of mutual information. Even if the MIA attack is not
Search WWH ::
Custom Search