Paper 2019/132
Leakage Certification Revisited: Bounding Model Errors in SideChannel Security Evaluations
Olivier Bronchain, Julien M. Hendrickx, Clément Massart, Alex Olshevsky, and FrançoisXavier Standaert
Abstract
Leakage certification aims at guaranteeing that the statistical models used in sidechannel security evaluations are close to the true statistical distribution of the leakages, hence can be used to approximate a worstcase security level. Previous works in this direction were only qualitative: for a given amount of measurements available to an evaluation laboratory, they rated a model as "good enough" if the model assumption errors (i.e., the errors due to an incorrect choice of model family) were small with respect to the model estimation errors. We revisit this problem by providing the first quantitative tools for leakage certification. For this purpose, we provide bounds for the (unknown) Mutual Information metric that corresponds to the true statistical distribution of the leakages based on two easytocompute information theoretic quantities: the Perceived Information, which is the amount of information that can be extracted from a leaking device thanks to an estimated statistical model, possibly biased due to estimation and assumption errors, and the Hypothetical Information, which is the amount of information that would be extracted from an hypothetical device exactly following the model distribution. This positive outcome derives from the observation that while the estimation of the Mutual Information is in general a hard problem (i.e., estimators are biased and their convergence is distributiondependent), it is significantly simplified in the case of statistical inference attacks where a target random variable (e.g., a key in a cryptographic setting) has a constant (e.g., uniform) probability. Our results therefore provide a general and principled path to bound the worstcase security level of an implementation. They also significantly speed up the evaluation of any profiled sidechannel attack, since they imply that the estimation of the Perceived Information, which embeds an expensive crossvalidation step, can be bounded by the computation of a cheaper Hypothetical Information, for any estimated statistical model.
Metadata
 Available format(s)
 Category
 Implementation
 Publication info
 A minor revision of an IACR publication in CRYPTO 2019
 Keywords
 sidechannel analysissecurity evaluationsmutual information
 Contact author(s)
 fstandae @ uclouvain be
 History
 20190605: last of 2 revisions
 20190213: received
 See all versions
 Short URL
 https://ia.cr/2019/132
 License

CC BY
BibTeX
@misc{cryptoeprint:2019/132, author = {Olivier Bronchain and Julien M. Hendrickx and Clément Massart and Alex Olshevsky and FrançoisXavier Standaert}, title = {Leakage Certification Revisited: Bounding Model Errors in SideChannel Security Evaluations}, howpublished = {Cryptology ePrint Archive, Paper 2019/132}, year = {2019}, note = {\url{https://eprint.iacr.org/2019/132}}, url = {https://eprint.iacr.org/2019/132} }