Cryptography Reference
In-Depth Information
practice, the attacker sorts eigenvectors by their eigenvalues, from the highest to
the lowest. This gives the components in order of significance. Most of the time,
only few
M'
components account for meaningful amount of variance. Thus, only
these first
M'
components will be retained. The decision on the number of the
M'
best components could be achieved by performing some deciding tests such
as the Kaiser criterion, the scree test or the cumulative variance criteria [13].
3 FPCA: The Attack Process
In the SCA field, PCA has often been used as pre-processing tool to minimize
the coding complexity by reducing the dimensionality of recorded traces [3, 29].
By contrast, our approach is different in the sense that PCA is used as an attack
tool to retrieve the secret information. Indeed, FPCA uses the projection on the
first principal components to tell good
secret key
candidates from incorrect ones.
FPCA shares some key points with first-order SCA, differential and correlation
power analysis (DPA and CPA). As stated before, FPCA does not require a
detailed knowledge about the cryptographic device to be performed. It exploits
data dependency of the power consumption of the device under attack. The main
difference with first-order SCAs resides in the way to distinguish the behaviour
of the good key hypothesis. In fact, we remind that each attack has its own
statistical test, referred to as distinguisher [30, 9], which allows the attacker to
detect the value of the secret key. In this context, FPCA comes with a new
distinguisher for side channel analysis. In the rest of this section, we detail the
different steps needed to perform a FPCA, while introducing our notations at
the same time. One schematic description of FPCA attack is depicted in Fig. 1.
3.1 Preliminary Preparation Phase
This phase is common with differential and correlation power attacks. Suppose
that
T
power consumption traces are recorded while a cryptographic device
is performing an encryption or a decryption operation. Collected traces are
L
-
dimensional time vectors. The attacker chooses an intermediate result of the
cryptographic algorithm that is processed by the cryptographic implementation.
The intermediate value denoted by
f(d,k)
is a function that takes two parameters.
The first parameter denoted by
d
is a known data value that can be either
the plain text or the cipher text. The number of data values is equal to
T
,
the number of recorded traces. These known data values are represented by a
vector
D
vect
=(
d
1
,d
2
,...,d
D
)ofsize
D
. The second parameter, denoted by
k
, is secret, hence unknown. Indeed,
k
is a small part of the cryptographic key
and can take
K
possible values referred to as key hypotheses that we write as a
vector
K
vect
=(
k
1
,k
2
,...,k
K
).
Thus, the
trace
can be written as a matrix of size
D
L
. Given vectors
D
vect
and
K
vect
, the attacker is able to compute, without diculties, the hypothet-
ical intermediate value
f(d,k)
for all
K
key hypotheses and for all
T
executed
cryptographic operation. Then the attacker builds a matrix
V
of size
K
×
×
T
:
Search WWH ::
Custom Search