Cryptology ePrint Archive: Report 2014/527

Good is Not Good Enough: Deriving Optimal Distinguishers from Communication Theory

Annelie Heuser and Olivier Rioul and Sylvain Guilley

Abstract: We find mathematically optimal side-channel distinguishers by looking at the side-channel as a communication channel. Our methodology can be adapted to any given scenario (device, signal-to-noise ratio, noise distribution, leakage model, etc.). When the model is known and the noise is Gaussian, the optimal distinguisher outperforms CPA and covariance. However, we show that CPA is optimal when the model is only known on a proportional scale. For non-Gaussian noise, we obtain different optimal distinguishers, one for each noise distribution. When the model is imperfectly known, we consider the scenario of a weighted sum of the sensitive variable bits where the weights are unknown and drawn from a normal law. In this case, our optimal distinguisher performs better than the classical linear regression analysis.

Category / Keywords: applications / Side-channel analysis, distinguisher, communication channel, maxi- mum likelihood, correlation power analysis, uniform noise, Laplacian noise.

Original Publication (with minor differences): IACR-CHES-2014

Date: received 6 Jul 2014, last revised 5 Jan 2015

Contact author: sylvain guilley at telecom-paristech fr

Available format(s): PDF | BibTeX Citation

Note: Mentioning that "optimal statistical power analysis" (IACR ePrint: https://eprint.iacr.org/2003/152 ) was indeed ... correctly termed "optimal" (under some assumptions -- like noise Gaussianity and large number of traces with uniformly distributed plaintexts), in that Pearson Correlation is indeed the optimal statistical distinguisher.

Version: 20150106:000305 (All versions of this report)

Short URL: ia.cr/2014/527

Discussion forum: Show discussion | Start new discussion