Practical vs. theoretical evaluation of DPA and CPA

Annelie Heuser 1, 2, 3 Sylvain Guilley 3, 2 Olivier Rioul 1, 2
1 COMNUM - Communications Numériques
LTCI - Laboratoire Traitement et Communication de l'Information
3 SSH - Secure and Safe Hardware
LTCI - Laboratoire Traitement et Communication de l'Information
Abstract :

Different side-channel distinguishers may have different efficiencies, however, their fair comparison is a difficult task, since many factors come into play. In particular, their intrinsic statistical properties and the quality of their estima- tion are significant factors. Apart from formulating a framework that can be carried out for various distinguishers [8, 10], several works concentrated on the evaluation of the efficiency of certain attacks individually.

More precisely, first works concentrated on finding a link between the Signal- to-noise ratio (SNR) of the power measurements and the effectiveness of the attack. E.g. in [5] the author presents a statistical model for CPA [1], finding an approximation of the success rate. An extension of this work has been given in [9]. While these works only focused on the correct key guess, Rivain first determined the exact success rate of CPA in [6] assuming an uniform setting in terms of the leakage model.

Recently, Fei et al. introduced a new methodology to evaluate side-channel distinguishers [2] giving the example of DPA [4]. Their approach consists in estimating the success rate of DPA due to the characterization of the physical implementation as well as the cryptographic algorithm. In particular, the authors provided an estimation of the success rate depending on the relationship between the correct and incorrect key hypothesis (named as confusion), the number of measurements and the SNR. In this talk, we generalize the idea of [2], that has been restricted to the ap- plication of one-bit DPA, to any additive distinguishers and show an application to CPA. Moreover, given the generalized estimation results, we further highlight a new framework to classify distinguishers, which may close the gap between purely practical and purely theoretical evaluations.

Complete list of metadatas

https://hal.telecom-paristech.fr/hal-02286734
Contributor : Telecomparis Hal <>
Submitted on : Friday, September 13, 2019 - 4:06:55 PM
Last modification on : Thursday, October 17, 2019 - 12:37:03 PM

Identifiers

  • HAL Id : hal-02286734, version 1

Citation

Annelie Heuser, Sylvain Guilley, Olivier Rioul. Practical vs. theoretical evaluation of DPA and CPA. 3rd International Workshop on Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers (CrossFyre'13), Jun 2013, KU Leuven, Belgium. ⟨hal-02286734⟩

Share

Metrics

Record views

8