## Cryptology ePrint Archive: Report 2019/1248

A Comparison of Chi^2-Test and Mutual Information as Distinguisher for Side-Channel Analysis

Bastian Richter and David Knichel and Amir Moradi

Abstract: Masking is known as the most widely studied countermeasure against side-channel analysis attacks. Since a masked implementation is based on a certain number of shares (referred to as the order of masking), it still exhibits leakages at higher orders. In order to exploit such leakages, higher-order statistical moments individually at each order need to be estimated reflecting the higher-order attacks. Instead, Mutual Information Analysis (MIA) known for more than 10 years avoids such a moment-based analysis by considering the entire distribution for the key recovery. Recently the $\chi^2$-test has been proposed for leakage detection and as a distinguisher where also the whole distribution of the leakages is analyzed. In this work, we compare these two schemes to examine their dependency. Indeed, one of the goals of this research is to conclude whether one can outperform the other. In addition to a theoretical comparison, we present two case studies and their corresponding practical evaluations. Both case studies are masked hardware implementations; one is an FPGA-based realization of a threshold implementation of PRESENT, and the other is an AES implementation as a coprocessor on a commercial smart card.

Category / Keywords: implementation / chi squared test, mutual information analysis, side-channel attacks

Original Publication (in the same form): CARDIS 2019 - 18th Smart Card Research and Advanced Application Conference

Date: received 24 Oct 2019, last revised 24 Oct 2019

Contact author: bastian richter at rub de

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2019/1248

[ Cryptology ePrint archive ]