TY - GEN
T1 - Confused yet successful
T2 - 14th International Conference on Information Security and Cryptology, Inscrypt 2018
AU - de Chérisey, Eloi
AU - Guilley, Sylvain
AU - Rioul, Olivier
N1 - Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Many side-channel distinguishers (such as DPA/DoM, CPA, Euclidean Distance, KSA, MIA, etc.) have been devised and studied to extract keys from cryptographic devices. Each has pros and cons and find applications in various contexts. These distinguishers have been described theoretically in order to determine which distinguisher is best for a given context, enabling an unambiguous characterization in terms of success rate or number of traces required to extract the secret key. In this paper, we show that in the case of monobit leakages, the theoretical expression of all distinguishers depend only on two parameters: the confusion coefficient and the signal-to-noise ratio. We provide closed-form expressions and leverage them to compare the distinguishers in terms of convergence speed for distinguishing between key candidates. This study contrasts with previous works where only the asymptotic behavior was determined—when the number of traces tends to infinity, or when the signal-to-noise ratio tends to zero.
AB - Many side-channel distinguishers (such as DPA/DoM, CPA, Euclidean Distance, KSA, MIA, etc.) have been devised and studied to extract keys from cryptographic devices. Each has pros and cons and find applications in various contexts. These distinguishers have been described theoretically in order to determine which distinguisher is best for a given context, enabling an unambiguous characterization in terms of success rate or number of traces required to extract the secret key. In this paper, we show that in the case of monobit leakages, the theoretical expression of all distinguishers depend only on two parameters: the confusion coefficient and the signal-to-noise ratio. We provide closed-form expressions and leverage them to compare the distinguishers in terms of convergence speed for distinguishing between key candidates. This study contrasts with previous works where only the asymptotic behavior was determined—when the number of traces tends to infinity, or when the signal-to-noise ratio tends to zero.
KW - Confusion coefficient
KW - Correlation Power Analysis (CPA)
KW - Difference of Means (DoM)
KW - Differential Power Analysis (DPA)
KW - Kolmogorov-Smirnov Analysis (KSA)
KW - Mutual Information Analysis (MIA)
KW - Side-channel distinguisher
KW - Signal-to-noise ratio
KW - Success exponent
KW - Success rate
UR - https://www.scopus.com/pages/publications/85064109392
U2 - 10.1007/978-3-030-14234-6_28
DO - 10.1007/978-3-030-14234-6_28
M3 - Conference contribution
AN - SCOPUS:85064109392
SN - 9783030142339
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 533
EP - 553
BT - Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers
A2 - Yung, Moti
A2 - Guo, Fuchun
A2 - Huang, Xinyi
PB - Springer Verlag
Y2 - 14 December 2018 through 17 December 2018
ER -