Paper 2022/490

Information Bounds and Convergence Rates for Side-Channel Security Evaluators

Loïc Masure, Gaëtan Cassiers, Julien Hendrickx, and François-Xavier Standaert

Abstract

Current side-channel evaluation methodologies exhibit a gap between inefficient tools offering strong theoretical guarantees and efficient tools only offering heuristic (sometimes case-specific) guarantees. Profiled attacks based on the empirical leakage distribution correspond to the first category. Bronchain et al. showed at Crypto 2019 that they allow bounding the worst-case security level of an implementation, but the bounds become loose as the leakage dimensionality increases. Template attacks and machine learning models are examples of the second category. In view of the increasing popularity of such parametric tools in the literature, a natural question is whether the information they can extract (with a given choice of set of models) can be bounded. In this paper, we first show that a metric conjectured to be useful for this purpose, the hypothetical information, does not offer such a general bound. It only does when the assumptions exploited by a parametric model match the true leakage distribution. We therefore introduce a new metric, the training information, that provides the guarantees that were conjectured for the hypothetical information for practically-relevant models. We next initiate a study of the convergence rates of profiled side-channel distinguishers which clarifies, to the best of our knowledge for the first time, the parameters that influence the complexity of a profiling. On the one hand, the latter has practical consequences for evaluators as it can guide them in choosing the appropriate modeling tool depending on the implementation (e.g., protected or not) and contexts (e.g., granting them access to the countermeasures’ randomness or not). It also allows anticipating the amount of measurements needed to guarantee a sufficient model quality. On the other hand, our results connect and exhibit differences between side-channel analysis and statistical learning theory.

Metadata
Available format(s): PDF
Category: Applications
Publication info: Preprint. Minor revision.
Contact author(s): loic masure @ uclouvain be
History: 2022-04-23: received
Short URL: https://ia.cr/2022/490
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2022/490,
      author = {Loïc Masure and Gaëtan Cassiers and Julien Hendrickx and François-Xavier Standaert},
      title = {Information Bounds and Convergence Rates for Side-Channel Security Evaluators},
      howpublished = {Cryptology ePrint Archive, Paper 2022/490},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/490}},
      url = {https://eprint.iacr.org/2022/490}
}