On the Optimality of Mutual Information Analysis for Discrete Leakages Cryptarchi June 29-30, 2015 Leuven

Size: px

Start display at page:

Download "On the Optimality of Mutual Information Analysis for Discrete Leakages Cryptarchi June 29-30, 2015 Leuven"

Lionel Hill
6 years ago
Views:

1 On the Optimality of Mutual Information Analysis for Discrete Leakages Cryptarchi June 29-30, 2015 Leuven Éloi de Chérisey*, Annelie Heuser**, Sylvain Guilley** and Olivier Rioul** * ENS Cachan, **Telecom ParisTech

Éloi Sylvain Annelie Olivier de CHÉRISEY

2 Éloi Sylvain Annelie Olivier de CHÉRISEY GUILLEY HEUSER RIOUL is with is also with is PhD fellow at is also Prof at Research thread: Distinguishing distinguishers CHES 2014: known model + large Gaussian noise = CPA is optimal ASICRYPT 2014: idem with masking = HO-CPA is optimal CRYPTARCHI 2015: unknown model = MIA is optimal

3 Introduction Outline On Optimality of MIA Notations and Assumptions Mathematical Derivations An Example where MIA Outperforms CPA Pedagogical Case-Study Implementation Issues On Binning Size Fast Computation of MIA 3 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

4 Introduction Outline On Optimality of MIA Notations and Assumptions Mathematical Derivations An Example where MIA Outperforms CPA Pedagogical Case-Study Implementation Issues On Binning Size Fast Computation of MIA 4 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

5 Motivations 1. How to attack when no leakage model is available? no profiling is possible? (e.g., balanced dual-rail circuits) 5 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

6 Motivations 1. How to attack when no leakage model is available? no profiling is possible? (e.g., balanced dual-rail circuits) 5 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

7 Motivations 1. How to attack when no leakage model is available? no profiling is possible? (e.g., balanced dual-rail circuits) Mutual Information Analysis (MIA) [Gierlichs et al., CHES 2008] 5 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

Motivations 1. How to attack when no leakage model is available? no profiling is possible? (e.g., balanced dual-rail circuits) Mutual Information Analysis (MIA) [Gierlichs et al.

8 Motivations 1. How to attack when no leakage model is available? no profiling is possible? (e.g., balanced dual-rail circuits) Mutual Information Analysis (MIA) [Gierlichs et al., CHES 2008] 2. Is it possible for MIA to be: Optimal? Effective? Efficient? 5 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

9 Results We show that: MIA is optimal in that it is equivalent to a universal maximum likelihood (U-ML) MIA can even outperform CPA the computational complexity of MIA can be significantly reduced 6 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

10 Introduction Outline On Optimality of MIA Notations and Assumptions Mathematical Derivations An Example where MIA Outperforms CPA Pedagogical Case-Study Implementation Issues On Binning Size Fast Computation of MIA 7 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

11 Leakage model Assumptions: secret key k : deterministic but unknown uniformly distributed text bytes t = (t 1,..., t m ): random but known m i.i.d. noisy measurements x = (x 1,..., x m ) leakage model: x = y(k ) + n y(k) = ϕ(f(k, t)) t n t k f ϕ y + x D(x, t) ˆk Device side Attacker s side 8 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

12 Markov Condition Markov Chain Property The leakage x depends on the secret key k only through the computed model y(k ) = ϕ(f(k, t)) Thus the conditional distribution P(x y) depends on the key only through the value of y. Example x i = w H (k t i ) + n i, where w H is the Hamming weight x i = ϕ(s(k t i )) + n i, where S is a substitution box 9 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

13 Assumptions Empirical Distribution (Histogram) Leakage is discrete (or discretized via binning). Counting occurrences of each value of x and y gives the estimate: P(x y) = m i=1 1 x i =x,y i =y m i=1 1 y i =y Definition (Empirical Mutual Information) Ĩ(X; Y ) = x X y Y P(x, y) log 2 P(x, y) P(x) P(y) 10 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

14 Best Distinguisher The optimal distinguisher D(x, y) and associated distinguishing rule ˆk = arg max D(x, y) maximizes success: k K Definition (Average Success Rate) SR = 1 2 n 1 2 n P k (ˆk(X, T) = k) k=0 This is a theoretical definition since P k (x, t) is not known perfectly. 11 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

15 Maximum likelihood Theorem (Optimal Distinguisher = Maximum Likelihood) D opt (x, t) = arg max P(x y) k K Recall y = ϕ(f(k, t)) depends on the key hypothesis k. Proved by [Heuser et al., in CHES 2014] Optimality holds for perfectly known leakage model ϕ 12 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

16 Universal Maximum Likelihood Universal = from the data without prior information. Definition (Universal Maximum Likelihood) where P(x y) = m i=1 P(x i y i ) ˆk = arg max P(x y) k K Loss in performance due to empirical probability estimation. 13 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

17 Universal Maximum Likelihood Theorem (MIA = U-ML) The universal ML key estimate is equivalent to MIA! [Gierlichs et al. CHES 2008] ˆk = arg max k K P(x y) = arg max Ĩ(X; Y ) k K This surprising theoretical result shows that MIA is universally optimal as it maximizes SR = 1 2 n 1 P 2 n k (ˆk(X, T) = k) k=0 14 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

18 Proof of the Theorem Rearrange empirical probability: m P(x y) = P(x i y i ) = P(x y) nx,y i=1 x X,y Y where m n x,y = 1 xi =x,y i =y = m P(x, y) i=1 Now take the logarithm: log P(x y) = m P(x, y) log( P(x y)) x X,y Y We recognize entropy! H(X Y ) = P(x, y) log( P(x y)) /... x X,y Y 15 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

19 Proof of the Theorem (cont d) In other words: P(x y) = 2 m H(X Y ) Thus maximizing P(x y) amounts to minimizing H(X Y ), i.e., maximizing Ĩ(X, Y ) = H(X) H(X Y ) since H(X) does not depend on k. Conclusion: arg max P(x y) = arg max Ĩ(X; Y ) k K k K 16 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

20 Introduction Outline On Optimality of MIA Notations and Assumptions Mathematical Derivations An Example where MIA Outperforms CPA Pedagogical Case-Study Implementation Issues On Binning Size Fast Computation of MIA 17 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

21 Case-Study Consider the following leakage : X = Y + N with Y = ϕ(f(t K )) where Y = ±1 and N U(±σ) (uniformly distributed with values ±σ). Assumptions T, K F n 2 f : F n 2 Fn 2 is an Sbox function applied to a xor and ϕ is a one-bit selection function. σ N is an integer Example Dynamic Voltage Scaling (DVS) used as a countermeasure. 18 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

22 Case-Study: Distinguisher Theorem (Optimal Distinguisher) One easily finds 1 D opt (x, t) = arg max P(x y) = arg max k K k K 2 m m 1 if x ϕ(f(t, k)) = 0 1 if x ϕ(f(t, k)) = 2σ 0 otherwise i=1 To be compared to i CPA: ii MIA : D CP A (x, t) = arg max k K cov(x, Y ) σ X σ Y D MIA (x, t) = arg max Ĩ(X, Y ) k K 19 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

23 Results for MIA and CPA (σ = 1) 20 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

24 Results for MIA and CPA (σ = 4) 21 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

25 Introduction Outline On Optimality of MIA Notations and Assumptions Mathematical Derivations An Example where MIA Outperforms CPA Pedagogical Case-Study Implementation Issues On Binning Size Fast Computation of MIA 22 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

26 Size of the Bins Why Binning? Due to noise, x assumes real values: p(x y) as a pdf that must be estimated using bins as P(x y) what is the optimal size of bins? does it depend of the number of traces? 23 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

27 Leakage Example Example y = ϕ(f(y(k, t))) with f(k, t) = Sbox(t k ) ϕ = ψ(w H ( )) where ψ is a non-linear bijective function s.t. Cov(Y, ϕ(y )) = 0 ϕ(y ) Y

28 Leakage Example (cont d) MIA using 30 traces = 1 = 5 25 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

29 Leakage Example (cont d) Correct key guess False key guess = 1 = 5 26 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

30 Fast MIA Algorithm Principle See [Victor Lomné et al. in ASIACRYPT 2013] for CPA Principle The pmf is given by P(y, x) = P(t, x) t ϕ(f(t,k))=y Implement this once and for all in place of empirical probability P(t, x). 27 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

31 Fast MIA Algorithm Flow input : x a set of m traces which take discrete values, t a corresponding set of m plaintexts/ciphertexts output: (Ĩ(x, y(k))) k K // From x and t, build an hash table PMF[t][x] (i.e., an histogram); 1 for i {1,..., m} do 2 PMF[t i][x i] += 1; 3 end 4 for x X do 5 P(x) = 0 ; 6 for t F n 2 do 7 P(x) += PMF[t][x] ; 8 end 9 end // P(x) holds m P(x) 28 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

32 1 for k K do // Key enumeration Fast MIA Algorithm Flow 2 x X, y Y, P(x, y) = 0 ; // P(x, y) holds m P(x, y) 3 for t F n 2 do 4 for x X do 5 P(x, ϕ(f(k, t))) += PMF[t][x] ; // y = ϕ(f(k, t)) 6 end 7 end 8 Ĩ(x, y(k)) = 0; 9 for y Y do 10 P(y) = 0 ; // P(y) holds m P(y) 11 for x X do 12 P(y) += P(x, y); 13 end 14 for x X do 15 if P(x, y) 0 then // P(x, y) 0 = (P(x) 0 P(y) 0) 16 Ĩ(x, y(k)) += P(x,y) m log 2 mp(x,y) P(x)P(y) ; 17 end 18 end 19 end 20 end 21 return (Ĩ(x, y(k))) k K 29 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

33 1 for k K do // Key enumeration Fast MIA Algorithm Flow 2 x X, y Y, P(x, y) = 0 ; // P(x, y) holds m P(x, y) 3 for t F n 2 do 4 for x X do 5 P(x, ϕ(f(k, t))) += PMF[t][x] ; // y = ϕ(f(k, t)) 6 end 7 end 8 Ĩ(x, y(k)) = 0; 9 for y Y do 10 P(y) = 0 ; // P(y) holds m P(y) 11 for x X do 12 P(y) += P(x, y); 13 end 14 for x X do 15 if P(x, y) 0 then // P(x, y) 0 = (P(x) 0 P(y) 0) 16 P(x,y) Ĩ(x, y(k)) += P(x, y) log 2 ; P(y) // no longer a mutual information, but OK end 18 end 19 end 20 end 21 return (Ĩ(x, y(k))) k K 29 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

34 Conclusions MIA is equivalent to Universal ML MIA can be close to optimal Binning size is crucial Fast MIA 30 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

35 Thank you! Questions? 31 June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

36 References Benedikt Gierlichs, Lejla Batina, Pim Tuyls, and Bart Preneel. Mutual information analysis. In CHES, 10th International Workshop, volume 5154 of Lecture Notes in Computer Science, pages Springer, August Washington, D.C., USA. Annelie Heuser, Olivier Rioul, and Sylvain Guilley. Good Is Not Good Enough - Deriving Optimal Distinguishers from Communication Theory. In Lejla Batina and Matthew Robshaw, editors, Cryptographic Hardware and Embedded Systems - CHES th International Workshop, Busan, South Korea, September 23-26, Proceedings, volume 8731 of Lecture Notes in Computer Science, pages Springer, Victor Lomné, Emmanuel Prouff, and Thomas Roche. Behind the Scene of Side Channel Attacks. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT (1), volume 8269 of Lecture Notes in Computer Science, pages Springer, June 29-30, 2015 Institut Mines-Télécom Cryptarchi 2015

Side-Channel Attack against RSA Key Generation Algorithms

Side-Channel Attack against RSA Key Generation Algorithms CHES 2014 Aurélie Bauer, Eliane Jaulmes, Victor Lomné, Emmanuel Prouff and Thomas Roche Agence Nationale de la Sécurité des Systèmes d Information