A Theoretical Study of Kolmogorov-Smirnov Distinguishers

Side-Channel Analysis vs. Differential Cryptanalysis
  • Annelie HeuserEmail author
  • Olivier Rioul
  • Sylvain Guilley
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8622)


In this paper, we carry out a detailed mathematical study of two theoretical distinguishers based on the Kolmogorov-Smirnov (KS) distance. This includes a proof of soundness and the derivation of closed-form expressions, which can be split into two factors: one depending only on the noise and the other on the confusion coefficient of Fei, Luo and Ding. This allows one to have a deeper understanding of the relative influences of the signal-to-noise ratio and the confusion coefficient on the distinguisher’s performance. Moreover, one is able to directly compare distinguishers based on their closed-form expressions instead of using evaluation metric that might obscure the actual performance and favor one distinguisher over the other. Furthermore, we formalize the link between the confusion coefficient and differential cryptanalysis, which shows that the stronger an S-box is resistant to differential attacks the weaker it is against side-channel attacks, and vice versa.


Side-channel distinguisher Confusion coefficient Kolmogorov-Smirnov analysis Closed-form expressions S-Box differential uniformity Constrained S-Box search 



The authors thank Emmanuel Prouff and Claude Carlet for sharing insights about the criteria for SCA-aware S-Boxes.


  1. 1.
    Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993) CrossRefGoogle Scholar
  2. 2.
    Blondeau, C., Canteaut, A., Charpin, P.: Differential properties of power functions. In: ISIT, pp. 2478–2482. IEEE (2010)Google Scholar
  3. 3.
    Carlet, C.: On highly nonlinear S-Boxes and their inability to thwart DPA attacks. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 49–62. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  4. 4.
    Carlet, C.: Boolean models and methods in mathematics, computer science, and engineering. In: Crama, Y., Hammer, P. (eds.) Vectorial Boolean Functions for Cryptography, pp. 398–469. Cambridge University Press, Cambridge (2010). (Preliminary version Scholar
  5. 5.
    Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 356–365. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  6. 6.
    Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)CrossRefGoogle Scholar
  7. 7.
    Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 233–250. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  8. 8.
    Guilley, S., Hoogvorst, P., Pacalet, R.: Differential power analysis model and some results. In: Quisquater, J.-J., Paradinas, Y., Deswarte, Y., Kalam, A. (eds.) Smart Card Research and Advanced Applications VI. IFIP, vol. 153, pp. 127–142. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  9. 9.
    Kolmogorov, A.N.: Sulla determinazione empirica di una legge di distribuzione. Giorn. Ist. Ital. Attuari 4, 83–91 (1933)zbMATHGoogle Scholar
  10. 10.
    Maghrebi, H., Rioul, O., Guilley, S., Danger, J.-L.: Comparison between side-channel analysis distinguishers. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 331–340. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  11. 11.
    Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards. Springer, December 2006. ISBN: 0-387-30857-1 (2006).
  12. 12.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994) CrossRefGoogle Scholar
  13. 13.
    Mazumdar, B., Mukhopadhyay, D., Sengupta, I.: Constrained search for a class of good bijective S-boxes with improved DPA resistivity. IEEE Trans. Inf. Forensics Secur. 8(12), 2154–2163 (2013)CrossRefGoogle Scholar
  14. 14.
    Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a gaussian assumption. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 193–205. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  15. 15.
    NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, Nov 2001.
  16. 16.
    Picek, S., Ege, B., Batina, L., Jakobovic, D., Papagiannopoulos, K.: Optimality and beyond: the case of \(4\times 4\) S-boxes. In: HOST, Arlington, USA. IEEE Computer Society (2014)Google Scholar
  17. 17.
    Piret, G., Roche, T., Carlet, C.: PICARO – A block cipher allowing efficient higher-order side-channel resistance. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 311–328. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  18. 18.
    Prouff, E.: DPA attacks and S-boxes. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 424–441. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  19. 19.
    Prouff, E., Matthieu, R.: Theoretical and practical aspects of mutual information-based side channel analysis. Int. J. Appl. Cryptogr. (IJACT) 2(2), 121–138 (2010)CrossRefzbMATHGoogle Scholar
  20. 20.
    Rivain, M.: On the exact success rate of side channel analysis in the gaussian model. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 165–183. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  21. 21.
    Smirnov, N.V.: Tables for estimating the goodness of fit of empirical distributions. Ann. Math. Stat. 19(2), 279–281 (1948)CrossRefzbMATHGoogle Scholar
  22. 22.
    Standaert, F.-X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the rules of the DPA contest. Cryptology ePrint Archive, Report 2008/517, December 8 (2008).
  23. 23.
    Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  24. 24.
    TELECOM ParisTech SEN research group. DPA Contest (1st edn.), 2008–2009.
  25. 25.
    TELECOM ParisTech SEN research group. DPA Contest (4th edn.), 2013–2014.
  26. 26.
    Thillard, A., Prouff, E., Roche, T.: Success through confidence: evaluating the effectiveness of a side-channel attack. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 21–36. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  27. 27.
    Veyrat-Charvillon, N., Standaert, F.-X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  28. 28.
    Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)CrossRefGoogle Scholar
  29. 29.
    Whitnall, C., Oswald, E., Mather, L.: An exploration of the kolmogorov-smirnov test as a competitor to mutual information analysis. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 234–251. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  30. 30.
    Whitnall, C., Oswald, E., Standaert, F.-X.: The myth of generic DPA..and the magic of learning. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 183–205. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  31. 31.
    Zhao, H., Zhou, Y., Standaert, F.-X., Zhang, H.: Systematic construction and comprehensive evaluation of kolmogorov-smirnov test based side-channel distinguishers. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 336–352. Springer, Heidelberg (2013) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Annelie Heuser
    • 1
    Email author
  • Olivier Rioul
    • 1
  • Sylvain Guilley
    • 1
    • 2
  1. 1.TELECOM-ParisTechCOMELECParisFrance
  2. 2.Secure-IC S.A.S.RennesFrance

Personalised recommendations