Paper 2009/228
Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis
Benedikt Gierlichs, Lejla Batina, Bart Preneel, and Ingrid Verbauwhede
Abstract
Security devices are vulnerable to side-channel attacks that perform statistical analysis on data leaked from cryptographic computations. Higher-order (HO) attacks are a powerful approach to break protected implementations. They inherently demand multivariate statistics because multiple aspects of signals have to be analyzed jointly. However, all published works on HO attacks follow the approach of first applying a pre-processing function to map the multivariate problem to a univariate problem and then applying established $1^{st}$ order techniques. We propose a novel and different approach to HO attacks, Multivariate Mutual Information Analysis (MMIA), that allows joint statistics to be evaluated directly, without pre-processing. While this approach can benefit from a good power model, it also works without an assumption. A thorough empirical evaluation of MMIA and established HO attacks confirms the overwhelming advantage of the new approach: MMIA is more efficient and less affected by noise. Most importantly, and in contrast to all published approaches, MMIA's measurement cost grows sub-exponentially with the attack order. As a consequence, the security provided by the masking countermeasure needs to be reconsidered, as $3^{rd}$ and higher order attacks become very practical.
Metadata
- Publication info
- Published elsewhere. Unknown where it was published
- Contact author(s)
- benedikt gierlichs @ esat kuleuven be
- History
- 2009-05-30: revised
- 2009-05-30: received
- Short URL
- https://ia.cr/2009/228
- License
- CC BY
BibTeX
@misc{cryptoeprint:2009/228,
  author = {Benedikt Gierlichs and Lejla Batina and Bart Preneel and Ingrid Verbauwhede},
  title = {Revisiting Higher-Order {DPA} Attacks: Multivariate Mutual Information Analysis},
  howpublished = {Cryptology {ePrint} Archive, Paper 2009/228},
  year = {2009},
  url = {https://eprint.iacr.org/2009/228}
}