The Stochastic Approach in Power Analysis - A Synthesis between Engineer's Expertise and Advanced Stochastics
Werner Schindler
The 'classical' and by far the most widespread approach in power analysis is DPA. DPA attacks require little preparatory work but, on the negative side,
their attacking efficiency is often small. Template attacks interpret measurement values as realisations of random variables whose (unknown) distributions depend
on a subkey, on a part of the plaintext (resp. on a part of the ciphertext) and possibly on a masking value. In the profiling phase (aka characterisation phase)
a very large number of measurements has to be performed on an identical training device in order to estimate these distributions. The attacking efficiency of
(full) template attacks is maximal. On the negative side, at least for strong implementations, full template attacks require a gigantic number of measurements,
which is hardly feasible.
We explain an innovative approach that was introduced at CHES 2005 and generalised later. It combines engineer's expertise with quantitative stochastic
methods from the field of multivariate statistics. Unlike for template attacks, the designated goal is not to determine the unknown distributions exactly but only
(sufficiently good) approximators. The profiling workload is smaller by several orders of magnitude than for template attacks, while the attacking efficiency
is comparable (provided that the designer, resp. evaluator, resp. attacker, who applies the attack has understood the relevant characteristics of the implementation).
The attacking efficiency is much better than that of DPA attacks. Moreover, the stochastic approach provides an explicit representation of the leakage signal.
This property may be used to support targeted (re-)design.