Cryptography Reference
the conditional entropy of K given L, can be rewritten as

$$H[K|L] = -\sum_{k} \Pr[k] \sum_{x} \Pr[x] \int_{-\infty}^{\infty} N_l(\mu_{k,x}, \sigma^2) \cdot \log_2 \frac{N_l(\mu_{k,x}, \sigma^2)}{\sum_{k} N_l(\mu_{k,x}, \sigma^2)} \, dl.$$

There are different factors that influence this conditional entropy. The first one is
obviously the simulated power trace. The second one is the standard deviation of the
noise in the leakage. The size of the power traces is also important: simulated traces
are typically composed of several thousands of samples. Hence, directly applying
multivariate statistics on these large dimensionality variables is hardly tractable.
In order to reduce the dimensionality of the power traces, some compression
techniques such as the Principal Component Analysis (PCA) [259] and integration
over the full trace were proposed in the past. For the experiment carried out in this
work, we used the latter, namely we first integrated the noise-free trace to reduce its
dimensionality and then we evaluated the entropy. Therefore, the mutual information
is extracted from a trace that was first compressed to one single sample.
Given the conditional entropy one can calculate the so-called mutual information
[384] (which intuitively quantifies what the adversary knows about the secret key K
assuming that he has the knowledge of the leakage L) as follows:

$$I[K,L] = H[K] - H[K|L]$$

where H[K] is the entropy. Since all key values are equally probable, H[K] is equal
to n, which is the number of bits of the key K.
Figure 15.8 depicts the value of the mutual information for each considered error
detection/correction circuit as a function of the standard deviation of the noise.
Intuitively, the higher the number of bits available to the attacker, the lower the resistance
against the power analysis attack. In the left part of the graph, where the noise level
is under a certain threshold, all the circuits have information leakage as high as 8.
This means that the attack is not affected by the presence of the particular circuit
used, since it will be successful in any case. This confirms the results presented in
Sects. 15.4.1 and 15.4.2, which have shown that when noise is completely absent,
the effectiveness of both Kocher's and Pearson's DPAs was not affected by the presence
of error detection/correction circuits. Figure 15.8 also depicts the dual situation,
which corresponds to the case where the noise level is higher than a certain threshold;
here too, the attack is not affected by the particular circuit used. However, in this case
the mutual information is always 0, and the adversary will not be able to retrieve the
secret key in any case.
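
The conditional-entropy integral and the two noise regimes described above can be reproduced numerically. The following Python code is an added example, not code from the book: it assumes Gaussian noise, a 3-bit key, and two constructed leakage tables (DISTINCT and HAMMING) standing in for noise-free traces already integrated to one sample; all function and variable names are hypothetical.

```python
import math

def gauss(l, mean, sigma):
    """Gaussian density of the noisy one-sample leakage l (assumed noise model)."""
    return math.exp(-0.5 * ((l - mean) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))

def conditional_entropy(mu, sigma, steps=801, span=8.0):
    """H[K|L] in bits for uniformly distributed keys k and inputs x.

    mu[k][x] is the noise-free trace already integrated to a single sample.
    The integral over l uses the trapezoid rule on mean +/- span*sigma.
    """
    n_keys, n_inputs = len(mu), len(mu[0])
    h = 0.0
    for x in range(n_inputs):
        for k in range(n_keys):
            lo = mu[k][x] - span * sigma
            dl = 2 * span * sigma / (steps - 1)
            acc = 0.0
            for i in range(steps):
                l = lo + i * dl
                p = gauss(l, mu[k][x], sigma)
                # Denominator: the same observation l explained by every key candidate.
                total = sum(gauss(l, mu[j][x], sigma) for j in range(n_keys))
                weight = 0.5 if i in (0, steps - 1) else 1.0
                acc += weight * p * math.log2(p / total) * dl
            h -= acc / (n_keys * n_inputs)
    return h

def mutual_information(mu, sigma):
    """I[K,L] = H[K] - H[K|L], with H[K] = n bits for a uniform n-bit key."""
    return math.log2(len(mu)) - conditional_entropy(mu, sigma)

# Constructed toy leakage models for a 3-bit key (assumptions, not the chapter's circuits).
N_BITS = 3
VALUES = range(1 << N_BITS)
# Every key produces its own leakage level for a given input x.
DISTINCT = [[float(k ^ x) for x in VALUES] for k in VALUES]
# Several keys share a level (Hamming weight of k XOR x).
HAMMING = [[float(bin(k ^ x).count("1")) for x in VALUES] for k in VALUES]

if __name__ == "__main__":
    for sigma in (0.05, 0.5, 2.0, 50.0):
        print(f"sigma={sigma:<5} distinct={mutual_information(DISTINCT, sigma):.3f} "
              f"hamming={mutual_information(HAMMING, sigma):.3f}")
```

At low noise the DISTINCT model leaks all n = 3 bits, while HAMMING saturates below n because several keys share a level; at high noise both tend to 0, and only in the middle range does the choice of leakage table change the result.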
When the standard deviation of the noise is in the middle interval, it is possible
to quantify the effect that each of the error detection circuits can have on the
strongest possible power analysis attack. The reference S-box (the one without any
error detection code) is characterized by the smallest number of bits leaked, followed
by the parity scheme. The two worst circuits are the ones implementing the residue
codes modulo 3 or 7. The graph thus confirms the intuition that, except for the case