Paper 2013/706
How to Certify the Leakage of a Chip?
François Durvaux, François-Xavier Standaert, and Nicolas Veyrat-Charvillon
Abstract
Evaluating side-channel attacks and countermeasures requires determining the amount of information leaked by a target device. For this purpose, information extraction procedures published so far essentially combine a "leakage model" with a "distinguisher". Fair evaluations ideally require exploiting a perfect leakage model (i.e. exactly corresponding to the true leakage distribution) with a Bayesian distinguisher. But since such perfect models are generally unknown, density estimation techniques have to be used to approximate the leakage distribution. This raises the fundamental problem that all security evaluations are potentially biased by both estimation and assumption errors. Hence, the best that we can hope is to be aware of these errors. In this paper, we provide and implement methodological tools to solve this issue. Namely, we show how sound statistical techniques allow both quantifying the leakage of a chip, and certifying that the amount of information extracted is close to the maximum value that would be obtained with a perfect model.
Note: Long version of the Eurocrypt paper.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- A major revision of an IACR publication in EUROCRYPT 2014
- Keywords
- side-channel analysiscertificationfair evaluationcross-validation.
- Contact author(s)
- fstandae @ uclouvain be
- History
- 2014-02-08: last of 2 revisions
- 2013-11-03: received
- See all versions
- Short URL
- https://ia.cr/2013/706
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/706,
author = {François Durvaux and François-Xavier Standaert and Nicolas Veyrat-Charvillon},
title = {How to Certify the Leakage of a Chip?},
howpublished = {Cryptology ePrint Archive, Paper 2013/706},
year = {2013},
note = {\url{https://eprint.iacr.org/2013/706}},
url = {https://eprint.iacr.org/2013/706}
}
