Paper 2022/490

Information Bounds and Convergence Rates for Side-Channel Security Evaluators

Loïc Masure, UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium
Gaëtan Cassiers, UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium, TU Graz, Graz, Austria
Julien Hendrickx, UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium
François-Xavier Standaert, UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium
Abstract

Current side-channel evaluation methodologies exhibit a gap between inefficient tools offering strong theoretical guarantees and efficient tools only offering heuristic (sometimes case-specific) guarantees. Profiled attacks based on the empirical leakage distribution correspond to the first category. Bronchain et al. showed at Crypto 2019 that they allow bounding the worst-case security level of an implementation, but the bounds become loose as the leakage dimensionality increases. Template attacks and machine learning models are examples of the second category. In view of the increasing popularity of such parametric tools in the literature, a natural question is whether the information they can extract can be bounded. In this paper, we first show that a metric conjectured to be useful for this purpose, the hypothetical information, does not offer such a general bound. It only does when the assumptions exploited by a parametric model match the true leakage distribution. We therefore introduce a new metric, the training information, that provides the guarantees that were conjectured for the hypothetical information for practically-relevant models. We next initiate a study of the convergence rates of profiled side-channel distinguishers which clarifies, to the best of our knowledge for the first time, the parameters that influence the complexity of a profiling. On the one hand, the latter has practical consequences for evaluators as it can guide them in choosing the appropriate modeling tool depending on the implementation (e.g., protected or not) and contexts (e.g., granting them access to the countermeasures’ randomness or not). It also allows anticipating the amount of measurements needed to guarantee a sufficient model quality. On the other hand, our results connect and exhibit differences between side-channel analysis and statistical learning theory.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2023
Keywords
Profiled AttacksPerceived InformationTraining Information
Contact author(s)
loic masure @ uclouvain be
gaetan cassiers @ iaik tugraz at
fstandae @ uclouvain be
History
2023-04-14: revised
2022-04-23: received
See all versions
Short URL
https://ia.cr/2022/490
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/490,
      author = {Loïc Masure and Gaëtan Cassiers and Julien Hendrickx and François-Xavier Standaert},
      title = {Information Bounds and Convergence Rates for Side-Channel Security Evaluators},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/490},
      year = {2022},
      url = {https://eprint.iacr.org/2022/490}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.