Variance analysis based distinguisher for template attack

Abstract

In practice, different styles of side channel attacks can utilize the leakages of a crypto device to recover the used secret key, which can pose a serious threat on the physical security of a crypto device. Among different styles of side channel attacks, template attack can be information theoretically the strongest attack style. However, numerical problems can seriously influence the key-recovery efficiency of template attack in practice, which can make template attack useless in practice. In light of this, the variance analysis based distinguisher is proposed for template attack. Compared with the classical template attack, variance analysis based template attack can reduce the computational complexity of template attack from <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$O(d^{3})$</tex> to <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$O(d)$</tex> , where <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$d$</tex> denotes the number of interesting points. Besides, numerical problems do not exist anymore. Therefore, a large number of interesting points can be chosen to enlarge the leakage exploitation and accordingly optimize the key-recovery efficiency of template attack. The key-recovery efficiency of variance analysis based template attack is evaluated in both simulated and real scenarios, and the evaluation results show that compared with the classical template attack, variance analysis based template attack can maintain a high key-recovery efficiency while significantly decrease the number of traces that should be used in the profiling phase of template attack.