Leakage Certification Made Simple

Aakash Chowdhury; Arnab Roy; Carlo Brunetta; Elisabeth Oswald

Leakage Certification Made Simple

Aakash Chowdhury, Arnab Roy, Carlo Brunetta, Elisabeth Oswald

Computer Science

Research output: Working paper/Preprint › Preprint

Abstract

Side channel evaluations benefit from sound characterisations of adversarial leakage models, which are the determining factor for attack success. Two questions are of interest: can we estimate a quantity that captures the ideal adversary (who knows the distributions that are involved in an attack), and can we judge how good one (or several) given leakage models are in relation to the ideal adversary?

Existing work has led to a proliferation of custom quantities (the hypothetical information HI, perceived informatino PI, training information TI, and learnable information LI). These quantities all provide only (loose) bounds for the ideal adversary, they are slow to estimate, convergence guarantees are only for discrete distributions, and they have bias.

Our work shows that none of these quantities is necessary: it is possible to characterise the ideal adversary precisely via the mutual information between the device inputs and the observed side channel traces. We achieve this result by a careful characterisation of the distributions in play. We also put forward a mutual information based approach to leakage certification, with a consistent estimator, and demonstrate via a range of case studies that our approach is simpler, faster, and correct.

Original language	English
Publisher	Cryptology ePrint Archive
Publication status	Published - 12 Sept 2022

Keywords

Side channels
Evaluation
Leakage Certification
Mutual Information Estimation

Access to Document

https://eprint.iacr.org/2022/1201Licence: Creative Commons: Attribution-NonCommercial (CC BY-NC)

Cite this

@techreport{e88b97a00add4d26bf26fc6fb7763f17,

title = "Leakage Certification Made Simple",

abstract = "Side channel evaluations benefit from sound characterisations of adversarial leakage models, which are the determining factor for attack success. Two questions are of interest: can we estimate a quantity that captures the ideal adversary (who knows the distributions that are involved in an attack), and can we judge how good one (or several) given leakage models are in relation to the ideal adversary? Existing work has led to a proliferation of custom quantities (the hypothetical information HI, perceived informatino PI, training information TI, and learnable information LI). These quantities all provide only (loose) bounds for the ideal adversary, they are slow to estimate, convergence guarantees are only for discrete distributions, and they have bias. Our work shows that none of these quantities is necessary: it is possible to characterise the ideal adversary precisely via the mutual information between the device inputs and the observed side channel traces. We achieve this result by a careful characterisation of the distributions in play. We also put forward a mutual information based approach to leakage certification, with a consistent estimator, and demonstrate via a range of case studies that our approach is simpler, faster, and correct.",

keywords = "Side channels, Evaluation, Leakage Certification, Mutual Information Estimation",

author = "Aakash Chowdhury and Arnab Roy and Carlo Brunetta and Elisabeth Oswald",

year = "2022",

month = sep,

day = "12",

language = "English",

publisher = "Cryptology ePrint Archive",

type = "WorkingPaper",

institution = "Cryptology ePrint Archive",

}

TY - UNPB

T1 - Leakage Certification Made Simple

AU - Chowdhury, Aakash

AU - Roy, Arnab

AU - Brunetta, Carlo

AU - Oswald, Elisabeth

PY - 2022/9/12

Y1 - 2022/9/12

N2 - Side channel evaluations benefit from sound characterisations of adversarial leakage models, which are the determining factor for attack success. Two questions are of interest: can we estimate a quantity that captures the ideal adversary (who knows the distributions that are involved in an attack), and can we judge how good one (or several) given leakage models are in relation to the ideal adversary? Existing work has led to a proliferation of custom quantities (the hypothetical information HI, perceived informatino PI, training information TI, and learnable information LI). These quantities all provide only (loose) bounds for the ideal adversary, they are slow to estimate, convergence guarantees are only for discrete distributions, and they have bias. Our work shows that none of these quantities is necessary: it is possible to characterise the ideal adversary precisely via the mutual information between the device inputs and the observed side channel traces. We achieve this result by a careful characterisation of the distributions in play. We also put forward a mutual information based approach to leakage certification, with a consistent estimator, and demonstrate via a range of case studies that our approach is simpler, faster, and correct.

AB - Side channel evaluations benefit from sound characterisations of adversarial leakage models, which are the determining factor for attack success. Two questions are of interest: can we estimate a quantity that captures the ideal adversary (who knows the distributions that are involved in an attack), and can we judge how good one (or several) given leakage models are in relation to the ideal adversary? Existing work has led to a proliferation of custom quantities (the hypothetical information HI, perceived informatino PI, training information TI, and learnable information LI). These quantities all provide only (loose) bounds for the ideal adversary, they are slow to estimate, convergence guarantees are only for discrete distributions, and they have bias. Our work shows that none of these quantities is necessary: it is possible to characterise the ideal adversary precisely via the mutual information between the device inputs and the observed side channel traces. We achieve this result by a careful characterisation of the distributions in play. We also put forward a mutual information based approach to leakage certification, with a consistent estimator, and demonstrate via a range of case studies that our approach is simpler, faster, and correct.

KW - Side channels

KW - Evaluation

KW - Leakage Certification

KW - Mutual Information Estimation

M3 - Preprint

BT - Leakage Certification Made Simple

PB - Cryptology ePrint Archive

ER -

Leakage Certification Made Simple

Abstract

Keywords

Access to Document

Fingerprint

Cite this