Cryptography Reference
In-Depth Information
the particular error detection and correction code used and of the attacker's knowledge
of the specific circuit implemented.
15.4.3 Evaluating the Effects of the Check Bits Using
Information Theory
As previously shown, when the power consumption traces are noise-free or include
very little noise, the presence of any one of the considered error detection/correction
circuits does not significantly impact the resistance against the two most common
power analysis attacks.
In order to obtain a more fair comparison among the different error detection and
correction schemes and to quantify the effect that the redundancy may have on the
resistance to power analysis attacks, it is necessary to analyze the behavior of each
circuit in the presence of noise, independently of the particular attack hypothesis and
scenario.
To this end, we use the metric based on information theory proposed by Standaert
et al. [384], which was developed to allow the evaluation of side-channel information
leakage.
Intuitively, this information-theoretic metric measures the resistance against the
strongest possible type of side-channel attack and allows an evaluation that is inde-
pendent of a particular attack scenario. Practically, the metric measures how much
uncertainty about the secret key remains after the attacker takes advantage of the
given information leakage.
More formally, let
K
be a random variable representing the key that the adversary
wants to recover in the side-channel attack. Let
X
be a random variable representing
the known plaintext entering the target operations (in our case the S-box with or with-
out an error detection/correction circuit) and let
L
be a random variable representing
the power consumption traces generated by a computation with input
X
and key
K
.
L
is obtained by adding a certain amount of normally distributed random noise
R
to the power trace
T
produced by a SPICE-level simulation, i.e.,
L
R
.The
conditional entropy
H
between the key
K
and its corresponding leakage
L
is defined
as follows:
=
T
+
H
[
K
|
L
]=−
Pr
[
k
]·
Pr
[
x
]
Pr
[
l
|
k
,
x
]·
log
2
Pr
[
k
|
l
,
x
]
dl
(15.1)
x
k
[
]
[
]
where Pr
k
is the probability of the key
k
,Pr
x
is the probability of the plaintext
x
,Pr
[
l
|
k
,
x
]
is the probability of the leakage
l
given the key-plaintext pair
(
k
,
x
)
,
and Pr
.
The probability density function of
L
is assumed to be approximated by the normal
distribution
[
k
|
l
,
x
]
is the probability of the key
k
given the leakage-plaintext pair
(
l
,
x
)
2
N(μ
k
,
x
,σ
)
, where
μ
k
,
x
is the noise-free leakage measured during the
computation of the
(
k
,
x
)
pair and
σ
is the standard deviation of the noise. As a result,
