International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Efficient Regression-Based Linear Discriminant Analysis for Side-Channel Security Evaluations: Towards Analytical Attacks against 32-bit Implementations

Authors:
Gaëtan Cassiers , TU Graz, Graz, Austria
Henri Devillez , UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium
François-Xavier Standaert , UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium
Balazs Udvarhelyi , UCLouvain, ICTEAM, Crypto Group, Louvain-la-Neuve, Belgium
Download:
DOI: 10.46586/tches.v2023.i3.270-293
URL: https://tches.iacr.org/index.php/TCHES/article/view/10964
Search ePrint
Search Google
Abstract: 32-bit software implementations become increasingly popular for embedded security applications. As a result, profiling 32-bit target intermediate values becomes increasingly needed to evaluate their side-channel security. This implies the need of statistical tools that can deal with long traces and large number of classes. While there are good options to solve these issues separately (e.g., linear regression and linear discriminant analysis), the current state of the art lacks efficient tools to solve them jointly. To the best of our knowledge, the best-known option is to fragment the profiling in smaller parts, which is suboptimal from the information theoretic viewpoint. In this paper, we therefore revisit regression-based linear discriminant analysis, which combines linear regression and linear discriminant analysis, and improve its efficiency so that it can be used for profiling long traces corresponding to 32-bit implementations. Besides introducing the optimizations needed for this purpose, we show how to use regression-based linear discriminant analysis in order to obtain efficient bounds for the perceived information, an information theoretic metric characterizing the security of an implementation against profiled attacks. We also combine this tool with optimizations of soft analytical side-channel attack that apply to bitslice implementations. We use these results to attack a 32-bit implementation of SAP instantiated with Ascon’s permutation, and show that breaking the initialization of its re-keying in one trace is feasible for determined adversaries.
BibTeX
@article{tches-2023-33290,
  title={Efficient Regression-Based Linear Discriminant Analysis for Side-Channel Security Evaluations: Towards Analytical Attacks against 32-bit Implementations},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 3},
  pages={270-293},
  url={https://tches.iacr.org/index.php/TCHES/article/view/10964},
  doi={10.46586/tches.v2023.i3.270-293},
  author={Gaëtan Cassiers and Henri Devillez and François-Xavier Standaert and Balazs Udvarhelyi},
  year=2023
}