2010 Reports : Cryptology ePrint Archive Forum

Discussion forum for Cryptology ePrint Archive reports posted in 2010.
Please put the report number in the subject.

About 2010/646.

Posted by: **fpautot**

Date: 22 December 2010 10:54

Same comment as 2010/180: what's the point in violating Total Probability???

HO side-channel cryptanalysis belongs to those uncommon parameter estimation problems where the number of (hyper)parameters increases (here linearly) with the sample size.

This is what makes "HO-DPA" particularly interesting, because orthodox methods such as profile maximum likelihood are known to fail (i.e. are inconsistent) in this case (as soon as the number of parameters grows too fast with sample size N (O(sqrt(N)) is already enough if I remember well, here we have O(N))).

Therefore it would be very interesting to compare orthodox estimators such as PMLE to Bayes MAP, as described in 2008/508: again, Extreme Values Theory versus Additive Theory of rvs...

Unfortunately, it is apparently not yet clear to the authors that we must deal with and marginalize all those masks!

I am unable to understand why everybody in the field is reluctant to derive the subkeys MAP once and for all at least for Gaussian attack and non-attack models???

F. Pautot
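The two estimators the post contrasts, as an added example that is not part of the original post or of the cited reports: on simulated traces of a first-order masked S-box lookup it computes the subkey MAP with the per-trace masks marginalized out, next to the profile likelihood that maximizes over each mask. The 4-bit PRESENT S-box, Hamming-weight leakage, known Gaussian noise `sigma`, uniform priors on key and mask, and all function names are assumptions of this sketch.

```python
import math
import random

# Assumptions of this sketch: PRESENT 4-bit S-box, Hamming-weight leakage, Gaussian noise.
SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
HW = [bin(v).count("1") for v in range(16)]

def simulate(key, n, sigma, rng):
    """Constructed traces: (plaintext, leakage of mask, leakage of masked S-box output)."""
    traces = []
    for _ in range(n):
        p, m = rng.randrange(16), rng.randrange(16)  # one fresh unknown mask per trace
        l1 = HW[m] + rng.gauss(0, sigma)
        l2 = HW[SBOX[p ^ key] ^ m] + rng.gauss(0, sigma)
        traces.append((p, l1, l2))
    return traces

def log_joint(p, l1, l2, k, m, sigma):
    """log p(l1, l2 | k, m, p) up to an additive constant."""
    d1 = l1 - HW[m]
    d2 = l2 - HW[SBOX[p ^ k] ^ m]
    return -(d1 * d1 + d2 * d2) / (2 * sigma * sigma)

def score_keys(traces, sigma):
    """Per-key log-scores: (masks marginalized, masks profiled out by max)."""
    marginal, profile = [0.0] * 16, [0.0] * 16
    for p, l1, l2 in traces:
        for k in range(16):
            lj = [log_joint(p, l1, l2, k, m, sigma) for m in range(16)]
            top = max(lj)
            profile[k] += top  # profile likelihood: best mask per trace
            # log of (1/16) * sum_m exp(lj[m]), computed stably
            marginal[k] += top + math.log(sum(math.exp(v - top) for v in lj) / 16)
    return marginal, profile

def posterior(log_scores):
    """Normalize log-scores into a posterior over the 16 subkeys (uniform prior)."""
    top = max(log_scores)
    w = [math.exp(s - top) for s in log_scores]
    z = sum(w)
    return [x / z for x in w]

def demo(key=0xA, n=2000, sigma=0.5, seed=1):
    """Return (MAP subkey, profile-likelihood subkey, posterior over subkeys)."""
    rng = random.Random(seed)
    marginal, profile = score_keys(simulate(key, n, sigma, rng), sigma)
    post = posterior(marginal)
    return post.index(max(post)), profile.index(max(profile)), post
```

Raising `sigma` or lowering `n` in `demo` shows how the two scores diverge as the noise grows relative to the number of traces.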

