Paper 2019/1248

A Comparison of Chi^2-Test and Mutual Information as Distinguisher for Side-Channel Analysis

Bastian Richter, David Knichel, and Amir Moradi


Masking is known as the most widely studied countermeasure against side-channel analysis attacks. Since a masked implementation is based on a certain number of shares (referred to as the order of masking), it still exhibits leakages at higher orders. In order to exploit such leakages, higher-order statistical moments individually at each order need to be estimated reflecting the higher-order attacks. Instead, Mutual Information Analysis (MIA) known for more than 10 years avoids such a moment-based analysis by considering the entire distribution for the key recovery. Recently the $\chi^2$-test has been proposed for leakage detection and as a distinguisher where also the whole distribution of the leakages is analyzed. In this work, we compare these two schemes to examine their dependency. Indeed, one of the goals of this research is to conclude whether one can outperform the other. In addition to a theoretical comparison, we present two case studies and their corresponding practical evaluations. Both case studies are masked hardware implementations; one is an FPGA-based realization of a threshold implementation of PRESENT, and the other is an AES implementation as a coprocessor on a commercial smart card.

Available format(s)
Publication info
Published elsewhere. CARDIS 2019 - 18th Smart Card Research and Advanced Application Conference
chi squared testmutual information analysisside-channel attacks
Contact author(s)
bastian richter @ rub de
2019-10-28: received
Short URL
Creative Commons Attribution


      author = {Bastian Richter and David Knichel and Amir Moradi},
      title = {A Comparison of Chi^2-Test and Mutual Information as Distinguisher for Side-Channel Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1248},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.