Side-Channel Leakage Amount Estimation Based on Communication Theory

Abstract

Side-channel attacks (SCAs) have been a serious threat to crypto devices. It is necessary to evaluate the resistance of a crypto device to SCAs. The evaluation criteria include information theoretic metrics and security metrics. The former measure the leakage amount of a crypto device, e.g. mutual information (MI). MI is one of the most commonly used metrics because of its clear information theoretic meaning. However, due to the fact that the real leakage distribution of a crypto device is hard to know, the estimation of MI is difficult. In previous work, there are two ways to estimate the leakage distribution: the nonparametric one and the parametric one. The former is non-profiling, but may bring a significant error because the leakage model is empirically selected by an evaluator. By comparison, the latter is more precise, but needs to profile the leakage model, which may be unfeasible in practice. To combine the merits of two kinds of methods, we bypass the estimation of the leakage distribution, and propose a parametric estimation method without profiling from the view of the noise distribution estimation. The side-channel is viewed as a communication channel in this paper, and naturally the side-channel MI can be deemed to be the average MI of the communication channel. Moreover, the channel capacity can be regarded as a new information theoretic metric which furnishes an estimation of the leakage amount in the worst case scenario. As compared to the previous research, the paper provides a novel black box method to estimate the side-channel leakage amount of a crypto device. The evaluation procedure can be viewed as a preliminary before advanced security evaluation.