A Theoretical Study of Kolmogorov-Smirnov Distinguishers

Side-Channel Analysis vs. Differential Cryptanalysis

  • Conference paper
  • Constructive Side-Channel Analysis and Secure Design (COSADE 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8622)

Abstract

In this paper, we carry out a detailed mathematical study of two theoretical distinguishers based on the Kolmogorov-Smirnov (KS) distance. This includes a proof of soundness and the derivation of closed-form expressions, which can be split into two factors: one depending only on the noise and the other on the confusion coefficient of Fei, Luo and Ding. This allows one to have a deeper understanding of the relative influences of the signal-to-noise ratio and the confusion coefficient on the distinguisher's performance. Moreover, one is able to directly compare distinguishers based on their closed-form expressions instead of using an evaluation metric that might obscure the actual performance and favor one distinguisher over the other. Furthermore, we formalize the link between the confusion coefficient and differential cryptanalysis, which shows that the more resistant an S-box is to differential attacks, the weaker it is against side-channel attacks, and vice versa.

Annelie Heuser is a Google European Fellow in the field of privacy and is partially funded by this fellowship.


Notes

  1. This visual interpretation agrees with several statistical unimodality tests.

  2. This assumption holds for sufficiently large values of \(\sigma ^2\), as discussed in Subsect. 2.3, which reflects a practical scenario as illustrated e.g. in Fig. 4.6 of [11].

  3. This Boolean function \(S\) is typically one component of a substitution box with \(n\) output bits. Of course, an attacker could predict all \(n\) bits together. Still, a mono-bit model has the advantage that it reduces the epistemic noise, since an assumption on more than one bit certainly deviates from the actual leakage.

  4. More precisely, as will be made clear in Sect. 4.3, the key hypotheses that are the hardest to distinguish are those using a linear S-box. Indeed, a linear S-box maximizes both \(\varLambda _S\) (i.e. it has \(nl(S)=0\)) and \(\varDelta _S\), which could wrongly suggest that linearity is the relevant criterion.
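As an added illustration of the abstract's claim and of Notes 3 and 4 (this is not code from the paper, and the paper's own \(\varLambda _S\) and \(\varDelta _S\) are not reproduced here), the following Python takes three constructed 4-variable Boolean functions, each standing for one output bit of an S-box, and computes for every key difference the mono-bit confusion coefficient of Fei, Luo and Ding [7] together with the largest differential-table entry, i.e. the quantity a differential attack exploits. The bent function has the lowest differential uniformity and every coefficient equal to 1/2, whereas the linear function of Note 4 has the highest uniformity and coefficients in {0, 1}, meaning key hypotheses that cannot be told apart; the definitions of the coefficient and of the differential count are assumed from the literature rather than taken from this page.

```python
# Added example, not code from the paper: mono-bit confusion coefficient versus
# differential imbalance for constructed 4-variable Boolean functions S, each
# standing for one output bit of an S-box (cf. Note 3).  kappa follows [7].
from fractions import Fraction

N = 4                       # input bits of the toy S-box component
DOMAIN = range(1 << N)

def bit(x, i):
    return (x >> i) & 1

# Three constructed component functions S : {0,1}^4 -> {0,1}
def linear(x):              # S(x) = x0, nonlinearity nl(S) = 0 (cf. Note 4)
    return bit(x, 0)

def bent(x):                # S(x) = x0*x1 + x2*x3, maximal nonlinearity
    return (bit(x, 0) & bit(x, 1)) ^ (bit(x, 2) & bit(x, 3))

def middle(x):              # S(x) = x0*x1 + x2*x3 + x0*x1*x2, in between
    return bent(x) ^ (bit(x, 0) & bit(x, 1) & bit(x, 2))

def confusion(S, delta):
    """Mono-bit confusion coefficient for two key hypotheses k, k* with
    k ^ k* = delta: Pr_x[S(x ^ k) != S(x ^ k*)].  Substituting y = x ^ k
    shows this is the normalised weight of the derivative S(y) ^ S(y ^ delta),
    so it depends on the key pair only through delta."""
    return Fraction(sum(S(y) != S(y ^ delta) for y in DOMAIN), 1 << N)

def differential_uniformity(S):
    """max over delta != 0 and b in {0,1} of #{x : S(x) ^ S(x ^ delta) == b},
    the differential-table entry an attacker would exploit.  For one output
    bit the b = 1 count is 2^N * kappa(delta) and the b = 0 count is its
    complement, so this equals 2^N * max(kappa, 1 - kappa) over delta."""
    return max(max(c, (1 << N) - c)
               for d in DOMAIN if d
               for c in [sum(S(x) ^ S(x ^ d) for x in DOMAIN)])

def summary(S):
    """Differential uniformity and the set of kappa(delta) over delta != 0."""
    return differential_uniformity(S), {confusion(S, d) for d in DOMAIN if d}

if __name__ == "__main__":
    # Lowest uniformity (strongest vs. differential attacks) goes with every
    # kappa = 1/2; highest uniformity with kappa in {0, 1} (keys indistinguishable).
    for name, S in (("linear", linear), ("middle", middle), ("bent", bent)):
        unif, kappas = summary(S)
        print(f"{name:7s} differential uniformity {unif:2d}, kappa in",
              [str(k) for k in sorted(kappas)])
```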

References

  1. Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)

  2. Blondeau, C., Canteaut, A., Charpin, P.: Differential properties of power functions. In: ISIT, pp. 2478–2482. IEEE (2010)

  3. Carlet, C.: On highly nonlinear S-boxes and their inability to thwart DPA attacks. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 49–62. Springer, Heidelberg (2005)

  4. Carlet, C.: Vectorial Boolean functions for cryptography. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 398–469. Cambridge University Press, Cambridge (2010). (Preliminary version: http://www.math.univ-paris13.fr/carlet/pubs.html)

  5. Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 356–365. Springer, Heidelberg (1995)

  6. Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)

  7. Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 233–250. Springer, Heidelberg (2012)

  8. Guilley, S., Hoogvorst, P., Pacalet, R.: Differential power analysis model and some results. In: Quisquater, J.-J., Paradinas, Y., Deswarte, Y., Kalam, A. (eds.) Smart Card Research and Advanced Applications VI. IFIP, vol. 153, pp. 127–142. Springer, Heidelberg (2004)

  9. Kolmogorov, A.N.: Sulla determinazione empirica di una legge di distribuzione. Giorn. Ist. Ital. Attuari 4, 83–91 (1933)

  10. Maghrebi, H., Rioul, O., Guilley, S., Danger, J.-L.: Comparison between side-channel analysis distinguishers. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 331–340. Springer, Heidelberg (2012)

  11. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer (2006). ISBN 0-387-30857-1. http://www.dpabook.org/

  12. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  13. Mazumdar, B., Mukhopadhyay, D., Sengupta, I.: Constrained search for a class of good bijective S-boxes with improved DPA resistivity. IEEE Trans. Inf. Forensics Secur. 8(12), 2154–2163 (2013)

  14. Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a Gaussian assumption. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 193–205. Springer, Heidelberg (2009)

  15. NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

  16. Picek, S., Ege, B., Batina, L., Jakobovic, D., Papagiannopoulos, K.: Optimality and beyond: the case of \(4\times 4\) S-boxes. In: HOST, Arlington, USA. IEEE Computer Society (2014)

  17. Piret, G., Roche, T., Carlet, C.: PICARO – a block cipher allowing efficient higher-order side-channel resistance. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 311–328. Springer, Heidelberg (2012)

  18. Prouff, E.: DPA attacks and S-boxes. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 424–441. Springer, Heidelberg (2005)

  19. Prouff, E., Matthieu, R.: Theoretical and practical aspects of mutual information-based side channel analysis. Int. J. Appl. Cryptogr. (IJACT) 2(2), 121–138 (2010)

  20. Rivain, M.: On the exact success rate of side channel analysis in the Gaussian model. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 165–183. Springer, Heidelberg (2009)

  21. Smirnov, N.V.: Tables for estimating the goodness of fit of empirical distributions. Ann. Math. Stat. 19(2), 279–281 (1948)

  22. Standaert, F.-X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the rules of the DPA contest. Cryptology ePrint Archive, Report 2008/517, 8 December 2008. http://eprint.iacr.org/2008/517

  23. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)

  24. TELECOM ParisTech SEN research group: DPA Contest (1st edn.), 2008–2009. http://www.DPAcontest.org/

  25. TELECOM ParisTech SEN research group: DPA Contest (4th edn.), 2013–2014. http://www.DPAcontest.org/v4/

  26. Thillard, A., Prouff, E., Roche, T.: Success through confidence: evaluating the effectiveness of a side-channel attack. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 21–36. Springer, Heidelberg (2013)

  27. Veyrat-Charvillon, N., Standaert, F.-X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009)

  28. Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)

  29. Whitnall, C., Oswald, E., Mather, L.: An exploration of the Kolmogorov-Smirnov test as a competitor to mutual information analysis. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 234–251. Springer, Heidelberg (2011)

  30. Whitnall, C., Oswald, E., Standaert, F.-X.: The myth of generic DPA...and the magic of learning. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 183–205. Springer, Heidelberg (2014)

  31. Zhao, H., Zhou, Y., Standaert, F.-X., Zhang, H.: Systematic construction and comprehensive evaluation of Kolmogorov-Smirnov test based side-channel distinguishers. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 336–352. Springer, Heidelberg (2013)

Acknowledgements

The authors thank Emmanuel Prouff and Claude Carlet for sharing insights about the criteria for SCA-aware S-Boxes.

Author information

Correspondence to Annelie Heuser.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Heuser, A., Rioul, O., Guilley, S. (2014). A Theoretical Study of Kolmogorov-Smirnov Distinguishers. In: Prouff, E. (ed.) Constructive Side-Channel Analysis and Secure Design. COSADE 2014. Lecture Notes in Computer Science, vol 8622. Springer, Cham. https://doi.org/10.1007/978-3-319-10175-0_2

  • DOI: https://doi.org/10.1007/978-3-319-10175-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10174-3

  • Online ISBN: 978-3-319-10175-0
