Cryptology ePrint Archive: Report 2017/764

Categorising and Comparing Cluster-Based DPA Distinguishers

Xinping Zhou and Carolyn Whitnall and Elisabeth Oswald and Degang Sun and Zhu Wang

Abstract: Side-channel distinguishers play an important role in differential power analysis, where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. A class of distinguishers which can be described as `cluster-based' have the advantage that they are able to exploit multi-dimensional leakage samples in scenarios where only loose, `semi-profiled' approximations of the true leakage forms are available. This is by contrast with univariate distinguishers exploiting only single points (e.g.\ correlation), and Template Attacks requiring concise fitted models which can be overly sensitive to mismatch between the profiling and attack acquisitions. This paper collects together---to our knowledge, for the first time---the various different proposals for cluster-based DPA (concretely, Differential Cluster Analysis, First Principal Components Analysis, and Linear Discriminant Analysis), and shows how they fit within the robust `semi-profiling' attack procedure proposed by Whitnall et al.\ at CHES 2015. We provide discussion of the theoretical similarities and differences of the separately proposed distinguishers as well as an empirical comparison of their performance in a range of (real and simulated) leakage scenarios and with varying parameters. Our findings have application for practitioners constrained to rely on `semi-profiled' models who wish to make informed choices about the best known procedures to exploit such information.

Category / Keywords: implementation / side-channel analysis, DPA, machine learning

Original Publication (in the same form): Selected Areas in Cryptography, 2017

Date: received 8 Aug 2017

Contact author: carolyn whitnall at bristol ac uk

Available format(s): PDF | BibTeX Citation

Version: 20170808:183611 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]