Cryptology ePrint Archive: Report 2017/1051

A Novel Use of Kernel Discriminant Analysis as a Higher-Order Side-Channel Distinguisher

Xinping Zhou and Carolyn Whitnall and Elisabeth Oswald and Degang Sun and Zhu Wang

Abstract: Distinguishers play an important role in Side Channel Analysis (SCA), where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. However, the direct relationship between leakages and predictions can be disrupted by the mathematical combining of $d$ random values with each sensitive intermediate value of the cryptographic algorithm (a so-called ``$d$-th order masking scheme''). In the case of software implementations, as long as the masking has been correctly applied, the guessable intermediates will be independent of any one point in the trace, or indeed of any tuple of fewer than $d+1$ points. However, certain $d+1$-tuples of time points may jointly depend on the guessable intermediates. A typical approach to exploiting this data dependency is to pre-process the trace -- computing carefully chosen univariate functions of all possible $d+1$-tuples -- before applying the usual univariate distinguishers. This has a computational complexity which is exponential in the order $d$ of the masking scheme. In this paper, we propose a new distinguisher based on Kernel Discriminant Analysis (KDA) which directly exploits properties of the mask implementation without the need to exhaustively pre-process the traces, thereby distinguishing the correct key with lower complexity.

Category / Keywords: implementation /

Original Publication (in the same form): 17th Smart Card Research and Advanced Application Conference (CARDIS 2017)

Date: received 27 Oct 2017

Contact author: zhouxinping at iie ac cn

Available format(s): PDF | BibTeX Citation

Version: 20171031:151746 (All versions of this report)

Short URL: ia.cr/2017/1051

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]