Back to Search Start Over

Leakage Certification Revisited: Bounding Model Errors in Side-Channel Security Evaluations

Authors :
Clément Massart
Alex Olshevsky
François-Xavier Standaert
Julien M. Hendrickx
Olivier Bronchain
UCL - SST/ICTM/INMA - Pôle en ingénierie mathématique
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
Source :
Advances in Cryptology – CRYPTO 2019-39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2019, Proceedings, Part I, Advances in Cryptology – CRYPTO 2019 ISBN: 9783030269470, CRYPTO (1), Lecture Notes in Computer Science, Lecture Notes in Computer Science-Advances in Cryptology – CRYPTO 2019
Publication Year :
2019
Publisher :
Springer International Publishing, 2019.

Abstract

Leakage certification aims at guaranteeing that the statistical models used in side-channel security evaluations are close to the true statistical distribution of the leakages, hence can be used to approximate a worst-case security level. Previous works in this direction were only qualitative: for a given amount of measurements available to an evaluation laboratory, they rated a model as “good enough” if the model assumption errors (i.e., the errors due to an incorrect choice of model family) were small with respect to the model estimation errors. We revisit this problem by providing the first quantitative tools for leakage certification. For this purpose, we provide bounds for the (unknown) Mutual Information metric that corresponds to the true statistical distribution of the leakages based on two easy-to-compute information theoretic quantities: the Perceived Information, which is the amount of information that can be extracted from a leaking device thanks to an estimated statistical model, possibly biased due to estimation and assumption errors, and the Hypothetical Information, which is the amount of information that would be extracted from an hypothetical device exactly following the model distribution. This positive outcome derives from the observation that while the estimation of the Mutual Information is in general a hard problem (i.e., estimators are biased and their convergence is distribution-dependent), it is significantly simplified in the case of statistical inference attacks where a target random variable (e.g., a key in a cryptographic setting) has a constant (e.g., uniform) probability. Our results therefore provide a general and principled path to bound the worst-case security level of an implementation. They also significantly speed up the evaluation of any profiled side-channel attack, since they imply that the estimation of the Perceived Information, which embeds an expensive cross-validation step, can be bounded by the computation of a cheaper Hypothetical Information, for any estimated statistical model.

Details

Language :
English
ISBN :
978-3-030-26947-0
978-3-030-26948-7
ISSN :
03029743 and 16113349
ISBNs :
9783030269470 and 9783030269487
Database :
OpenAIRE
Journal :
Advances in Cryptology – CRYPTO 2019-39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2019, Proceedings, Part I, Advances in Cryptology – CRYPTO 2019 ISBN: 9783030269470, CRYPTO (1), Lecture Notes in Computer Science, Lecture Notes in Computer Science-Advances in Cryptology – CRYPTO 2019
Accession number :
edsair.doi.dedup.....055815fab21481e52ff51d2f74caa0a5