Cryptology ePrint Archive: Report 2013/353
Profiling DPA: Efficacy and efficiency trade-offs
Carolyn Whitnall and Elisabeth Oswald
Abstract: Linear regression-based methods have been proposed as efficient means of characterising device leakage in the training phases of profiled side-channel attacks. Empirical comparisons between these and the `classical' approach to template building have confirmed the reduction in profiling complexity to achieve the same attack-phase success, but have focused on a narrow range of leakage scenarios which are especially favourable to simple (i.e.\ efficiently estimated) model specifications. In this contribution we evaluate---from a theoretic perspective as much as possible---the performance of linear regression-based templating in a variety of realistic leakage scenarios as the complexity of the model specification varies. We are particularly interested in complexity trade-offs between the number of training samples needed for profiling and the number of attack samples needed for successful DPA: over-simplified models will be cheaper to estimate but DPA using such a degraded model will require more data to recover the key. However, they can still offer substantial improvements over non-profiling strategies relying on the Hamming weight power model, and so represent a meaningful middle-ground between `no' prior information and `full' prior information.
Category / Keywords: implementation / side-channel analysis, template attacks
Original Publication (in the same form): IACR-CHES-2013
Date: received 7 Jun 2013, last revised 4 Feb 2016
Contact author: carolyn whitnall at bris ac uk
Available format(s): PDF | BibTeX Citation
Note: This article is the final version submitted by the authors to Springer-Verlag on 7th June 2013.
Version: 20160204:094710 (All versions of this report)
Short URL: ia.cr/2013/353
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]