Augmenting leakage detection using bootstrapping. (English) Zbl 1504.94195

Bertoni, Guido Marco (ed.) et al., Constructive side-channel analysis and secure design. 11th international workshop, COSADE 2020, Lugano, Switzerland, April 1–3, 2020. Revised selected papers. Cham: Springer. Lect. Notes Comput. Sci. 12244, 104-119 (2021).
Summary: Side-channel leakage detection methods based on statistical tests, such as the \(t\)-test or \(\chi^2\)-test, provide high confidence in the presence of leakage with a large number of traces. However, practical limitations on testing time and equipment may set an upper bound on the number of traces available, turning the number of traces into a limiting factor in side-channel leakage detection. We describe a statistical technique, based on statistical bootstrapping, that significantly improves the effectiveness of leakage detection using a limited set of traces. Bootstrapping generates additional sample sets from an initial set by assuming that it is representative of the entire population. The additional sample sets are then used to conduct additional leakage detection tests, and we show how to combine the results of these tests. The proposed technique, applied to side-channel leakage detection, can significantly reduce the number of traces required to detect leakage by one or more orders of magnitude. Furthermore, for an existing measured sample set, the method can significantly increase the confidence of existing leakage hypotheses over a traditional (non-bootstrap) leakage detection test. This paper introduces the bootstrapping technique for leakage detection, applies it to three practical cases, and describes techniques for its efficient computation.
For the entire collection see [Zbl 1502.94008].

MSC: 94A60 Cryptography
