Cryptology ePrint Archive: Report 2013/706

How to Certify the Leakage of a Chip?

François Durvaux and François-Xavier Standaert and Nicolas Veyrat-Charvillon

Abstract: Evaluating side-channel attacks and countermeasures requires determining the amount of information leaked by a target device. For this purpose, information extraction procedures published so far essentially combine a "leakage model" with a "distinguisher". Fair evaluations ideally require exploiting a perfect leakage model (i.e. exactly corresponding to the true leakage distribution) with a Bayesian distinguisher. But since such perfect models are generally unknown, density estimation techniques have to be used to approximate the leakage distribution. This raises the fundamental problem that all security evaluations are potentially biased by both estimation and assumption errors. Hence, the best that we can hope is to be aware of these errors. In this paper, we provide and implement methodological tools to solve this issue. Namely, we show how sound statistical techniques allow both quantifying the leakage of a chip, and certifying that the amount of information extracted is close to the maximum value that would be obtained with a perfect model.

Category / Keywords: implementation / side-channel analysis, certification, fair evaluation, cross-validation.

Original Publication (with major differences): IACR-EUROCRYPT-2014

Date: received 29 Oct 2013, last revised 8 Feb 2014

Contact author: fstandae at uclouvain be

Available format(s): PDF | BibTeX Citation

Note: Long version of the Eurocrypt paper.

Version: 20140208:125425 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]