Cryptology ePrint Archive: Report 2016/294

Evaluation and Improvement of Generic-Emulating DPA Attacks

Weijia Wang and Yu Yu and Junrong Liu and Zheng Guo and Fran├žois-Xavier Standaert Standaert and Dawu Gu and Sen Xu and Rong Fu

Abstract: At CT-RSA 2014, Whitnall, Oswald and Standaert gave the impossibility result that no generic DPA strategies (i.e., without any \emph{a priori} knowledge about the leakage characteristics) can recover secret information from a physical device by considering an injective target function (e.g., AES and PRESENT S-boxes), and as a remedy, they proposed a slightly relaxed strategy ``generic-emulating DPAs'' free from the non-injectivity constraint. However, as we show in this paper, the only generic-emulating DPA proposed in their work, namely the SLR-based DPA, suffers from two drawbacks: unstable outcomes in the high-noise regime (i.e., for a small number of traces) and poor performance especially on real smart cards (compared with traditional DPAs with a specific power model). In order to solve these problems, we introduce two new generic-emulating distinguishers, based on lasso and ridge regression strategies respectively, with more stable and better performances than the SLR-based one. Further, we introduce the cross-validation technique that improves the generic-emulating DPAs in general and might be of independent interest. Finally, we compare the performances of all aforementioned generic-emulating distinguishers (both with and without cross-validation) in simulated leakages functions of different degrees, and on an AES ASIC implementation. Our experimental results show that our generic-emulating distinguishers are stable and some of them behave even better than (resp., almost the same as) the best Difference-of-Means distinguishers in simulated leakages (resp., on a real implementation), and thus make themselves good alternatives to traditional DPAs.

Category / Keywords: implementation / generic side-channel attack, linear regression, cross-validation

Original Publication (with minor differences): IACR-CHES-2015

Date: received 16 Mar 2016, last revised 18 Mar 2016

Contact author: aawwjaa at sjtu edu cn;yyuu at sjtu edu cn;fstandea at uclouvain be

Available format(s): PDF | BibTeX Citation

Version: 20160318:065236 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]