Paper 2024/124

Perceived Information Revisited II: Information-Theoretical Analysis of Deep-Learning Based Side-Channel Attacks

Akira Ito, NTT Social Informatics Laboratories
Rei Ueno, Kyoto University
Naofumi Homma, Tohoku University
Abstract

Previous studies on deep-learning-based side-channel attacks (DL-SCAs) have shown that traditional performance evaluation metrics commonly used in DL, like accuracy and F1 score, are not effective in evaluating DL-SCA performance. Therefore, some previous studies have proposed new alternative metrics for evaluating the performance of DL-SCAs. Notably, perceived information (PI) and effective perceived information (EPI) are major metrics based on information theory. While it has been experimentally confirmed that these metrics can give the attack success rate (SR) for DL-SCAs, their theoretical validity remains unclear. In this paper, we propose a new theoretically valid performance evaluation metric called latent perceived information (LPI), which serves as an alternative to the existing metrics. LPI is defined as the mutual information between the output of the feature extractor of a neural network (NN) model and the intermediate value, representing the potential attack performance of the trained model. First, we prove that LPI provides an upper bound on the SR of a DL-SCA by modeling and formulating DL-SCA as a communication channel. Additionally, we clarify the conditions under which PI and EPI theoretically provide an upper bound on the SR from the perspective of LPI. For practical computation of LPI, we present two methods. One utilizes the Kraskov (KSG) estimator, a common mutual information estimator, and the other is based on logistic regression. While the KSG estimator is computationally intensive, it yields accurate LPI values. In contrast, the logistic regression is faster but provides a lower bound for LPI. Through experimental attacks on AES software and hardware implementations with masking countermeasures, we demonstrate that the LPI values estimated by these two methods are significantly similar, indicating the reliability and soundness of our proposed estimation techniques. Furthermore, we show that, by using the logistic regression as a classifier, we can significantly improve the attack performance of the trained model when the difference between the SR upper bound by the LPI and its actual SR is large. This indicates that LPI represents the potential for performance improvement in the trained model. Therefore, our study contributes to optimizing the distinguisher for attack performance using the trained model.

Note: We have modified the definition of LPI, and proposed two new estimation methods for LPI in this revision.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TCHES 2025
Keywords
Profiled side-channel attacksPerceived informationSuccess rateDeep learningInformation theory
Contact author(s)
akira itoh @ ntt com
ueno rei 2e @ kyoto-u ac jp
naofumi homma c8 @ tohoku ac jp
History
2024-10-16: last of 3 revisions
2024-01-29: received
See all versions
Short URL
https://ia.cr/2024/124
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/124,
      author = {Akira Ito and Rei Ueno and Naofumi Homma},
      title = {Perceived Information Revisited {II}: Information-Theoretical Analysis of Deep-Learning Based Side-Channel Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/124},
      year = {2024},
      url = {https://eprint.iacr.org/2024/124}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.