### Simulatable Leakage: Analysis, Pitfalls, and new Constructions

J. Longo Galea, D. Martin, E. Oswald, D. Page, M. Stam, and M. Tunstall

##### Abstract

In 2013, Standaert *et al.* proposed the notion of simulatable leakage to connect theoretical leakage resilience with the practice of side channel attacks. Their use of simulators, based on physical devices, to support proofs of leakage resilience allows verification of underlying assumptions: the indistinguishability game, involving real vs. simulated leakage, can be 'played' by an evaluator. Using a concrete, block cipher based leakage resilient PRG and high-level simulator definition (based on concatenating two partial leakage traces), they included detailed reasoning why said simulator (for AES-128) resists state-of-the-art side channel attacks.

In this paper, we demonstrate a distinguisher against their simulator and thereby falsify their hypothesis. Our distinguishing technique, which is evaluated using concrete implementations of the Standaert *et al.* simulator on several platforms, is based on 'tracking' consistency (resp. identifying simulator *in*consistencies) in leakage traces by means of cross-correlation. In an attempt to rescue the approach, we propose several alternative simulator definitions based on splitting traces at points of low intrinsic cross-correlation. Unfortunately, these come with significant caveats, and we conclude that the most natural way of producing simulated leakage is by using the underlying construction 'as is' (but with a random key).
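The following is an added toy illustration of the abstract's idea, not code from the paper or from the Standaert *et al.* simulator: a "device" with an assumed 8-bit rotate-and-xor round function leaks the Hamming weight of each round state, the assumed splice simulator concatenates the first part of a trace taken under one random key with the second part of a trace taken under another, and an evaluator cross-correlates (over many traces) the samples on either side of the splice point. Samples of one real execution share internal state and correlate; the spliced halves do not, which is what the consistency check detects.

```python
import random
from statistics import mean, pstdev

SPLIT = 4  # sample index at which the toy simulator splices two partial traces
ROUND_CONST = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80]  # one toy round per sample


def hw(b):
    return bin(b).count("1")


def toy_states(key, pt):
    """State sequence of an assumed toy 8-bit 'cipher' (rotate-and-xor rounds), one state per sample."""
    s, states = key ^ pt, []
    for rc in ROUND_CONST:
        s = (((s << 1) | (s >> 7)) & 0xFF) ^ rc
        states.append(s)
    return states


def leak(key, pt, rng, sigma):
    """Hamming-weight leakage of every state plus Gaussian noise: one real trace (constructed model)."""
    return [hw(s) + rng.gauss(0, sigma) for s in toy_states(key, pt)]


def spliced_trace(pt, rng, sigma):
    """Toy splice simulator: first part under one random key, second part under another, concatenated."""
    first = leak(rng.randrange(256), pt, rng, sigma)[:SPLIT]
    second = leak(rng.randrange(256), pt, rng, sigma)[SPLIT:]
    return first + second


def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    cov = mean([(x - mx) * (y - my) for x, y in zip(xs, ys)])
    return cov / (pstdev(xs) * pstdev(ys))


def splice_consistency(traces, split=SPLIT):
    """Cross-correlate, across traces, the last sample before the split with the first sample after it."""
    return pearson([t[split - 1] for t in traces], [t[split] for t in traces])


def run(n_traces=2000, sigma=0.5, seed=1):
    """Return (consistency of real traces, consistency of simulated traces) for one fixed device key."""
    rng = random.Random(seed)
    key = rng.randrange(256)
    pts = [rng.randrange(256) for _ in range(n_traces)]
    real = [leak(key, p, rng, sigma) for p in pts]
    sim = [spliced_trace(p, rng, sigma) for p in pts]
    return splice_consistency(real), splice_consistency(sim)


if __name__ == "__main__":
    r_real, r_sim = run()
    print(f"real traces: r = {r_real:.2f}   spliced simulator: r = {r_sim:.2f}")
```

With the toy round function the real-trace correlation at the splice is around 0.65 while the spliced simulator's is near zero, so a threshold on this statistic distinguishes the two distributions.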

Note: Revision for updated title, author list and to reflect the ASIACRYPT submission.

Publication info: A minor revision of an IACR publication in ASIACRYPT 2014

Keywords: leakage resilience, side channel attacks, simulatable leakage, cross-correlation

Contact author(s): Elisabeth Oswald @ bristol ac uk

History: 2014-09-17: revised

Short URL: https://ia.cr/2014/357

CC BY

BibTeX

```bibtex
@misc{cryptoeprint:2014/357,
  author = {J. Longo Galea and D. Martin and E. Oswald and D. Page and M. Stam and M. Tunstall},
  title = {Simulatable Leakage: Analysis, Pitfalls, and new Constructions},
  howpublished = {Cryptology ePrint Archive, Paper 2014/357},
  year = {2014},
  note = {\url{https://eprint.iacr.org/2014/357}},
  url = {https://eprint.iacr.org/2014/357}
}
```