Abstract
Side-channel distinguishers play an important role in differential power analysis, where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. A class of distinguishers which can be described as ‘cluster-based’ have the advantage that they are able to exploit multi-dimensional leakage samples in scenarios where only loose, ‘semi-profiled’ approximations of the true leakage forms are available. This is by contrast with univariate distinguishers exploiting only single points (e.g. correlation), and Template Attacks requiring concise fitted models which can be overly sensitive to mismatch between the profiling and attack acquisitions. This paper collects together—to our knowledge, for the first time—the various different proposals for cluster-based DPA (concretely, Differential Cluster Analysis, First Principal Components Analysis, and Linear Discriminant Analysis), and shows how they fit within the robust ‘semi-profiling’ attack procedure proposed by Whitnall et al. at CHES 2015. We provide discussion of the theoretical similarities and differences of the separately proposed distinguishers as well as an empirical comparison of their performance in a range of (real and simulated) leakage scenarios and with varying parameters. Our findings have application for practitioners constrained to rely on ‘semi-profiled’ models who wish to make informed choices about the best known procedures to exploit such information.
Original language | English |
---|---|
Title of host publication | Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers |
Publisher | Springer Verlag |
Pages | 442-458 |
Number of pages | 17 |
ISBN (Print) | 9783319725642 |
DOIs | |
Publication status | Published - 2018 |
Event | 24th International Conference on Selected Areas in Cryptography, SAC 2017 - Ottawa, Canada Duration: 16 Aug 2017 → 18 Aug 2017 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 10719 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 24th International Conference on Selected Areas in Cryptography, SAC 2017 |
---|---|
Country/Territory | Canada |
City | Ottawa |
Period | 16/08/17 → 18/08/17 |
Bibliographical note
Funding Information:Korak, Thomas Plos and Michael Hutter at TU Graz for supplying us with data from the TAMPRES project [1,7]. This work was supported by the National Natural Science Foundation of China (No. 61372062), and the European Union’s H2020 Programme under grant agreement number ICT-731591 (REASSURE). No research data was created for this paper.
Funding Information:
Institute of Information Engineering, Chinese Academy of Sciences, Beijing, People’s Republic of China {zhouxinping,sundegang,wangzhu}@iie.ac.cn School of Cyber Security, University of Chinese Academy of Sciences, Beijing, People’s Republic of China 3 Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol BS8 1UB, UK {Carolyn.Whitnall,Elisabeth.Oswald}@bristol.ac.uk Abstract. Side-channel distinguishers play an important role in differential power analysis, where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. A class of distinguishers which can be described as ‘cluster-based’ have the advantage that they are able to exploit multi-dimensional leakage samples in scenarios where only loose, ‘semi-profiled’ approximations of the true leakage forms are available. This is by contrast with univariate distinguishers exploiting only single points (e.g. correlation), and Template Attacks requiring concise fitted models which can be overly sensitive to mismatch between the profiling and attack acquisitions. This paper collects together—to our knowledge, for the first time—the various different proposals for cluster-based DPA (concretely, Differential Cluster Analysis, First Principal Components Analysis, and Linear Discriminant Analysis), and shows how they fit within the robust ‘semi-profiling’ attack procedure proposed by Whitnall et al. at CHES 2015. We provide discussion of the theoretical similarities and differences of the separately proposed distinguishers as well as an empirical comparison of their performance in a range of (real and simulated) leakage scenarios and with varying parameters. Our findings have application for practitioners constrained to rely on ‘semi-profiled’ models who wish to make informed choices about the best known procedures to exploit such information.
Publisher Copyright:
© Springer International Publishing AG 2018.
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science