On the Optimal Pre-processing for Non-profiling Differential Power Analysis

Abstract

Differential Power Analysis (DPA) is often preceded by various noise reduction techniques. Digital Signal Processing (DSP) and Principal Component Analysis (PCA) have found their numerous applications in this area. However, most of them either require explicit profiling/semi-profiling step or depend on some heuristically chosen parameters. In this paper, we propose optimal pre-processing of power traces in non-profiling setup using an optimum linear filter and an approximate optimum linear filter. We have also empirically evaluated the proposed filters in several noisy scenarios which show significant improvements in the results of Correlation Power Analysis (CPA) over the existing pre-processing techniques. We have further investigated the optimality of the one proposed pre-processing technique by comparing it with a profiling attack.

Appendices

A Experimental Setup and Pre-processing

For all the experiments, we have used standard side-channel evaluation board SASEBO-GII [25] which consists of a cryptographic FPGA device: Virtex-5 XC5VLX50. The cryptographic FPGA is driven by a clock frequency of 2 MHz. During the encryption process, voltage drops across VCC and GND of Virtex-5 are captured by Tektronix MSO 4034B Oscilloscope at the rate of 2.5 GS/s i.e. \(1,250\) samples per clock period.

The traces acquired using the above setup are already horizontally aligned. However, they are not vertically aligned. The vertical alignment of the traces are performed by subtracting the DC bias from each sample point of the traces. The DC bias of each trace is computed by averaging the leakages of a window taken from a region when no computation is going on. This step is also necessary since the derived impulse response of the proposed filters is sensitive to the absolute value of mean leakages.

For mounting the attacks, we selected a window of \(300\) sample points around the last round register update. After transforming into a different domain, variance of some of the sample points may become very close to zero in the new domain. As a result, while applying AOF in this new domain, the weights (which are mean/variance of the sample points) of those sample points may become very high even if their mean leakages are very less. In other words, due to very low variance, some low SNR sample points may get very high weight. We solved this problem by setting the weight of a sample point having variance less than a fraction of \(1/2000\) of the maximum variance to zero.

Fig. 6.

Plots of the average guessing entropy of some more attacks in the four noisy scenarios.

B Results of Other Attacks

The performances of some more attacks have been compared. The results are shown Fig. 6 for all the four scenarios (see Sect. 5). Scalar Product is introduced in [13] where CPA is first performed on each of the sample points independently and then the final outputs are computed by taking the weighted sum of the outputs of CPA over all the sample points. In Avg, the traces are pre-processed by taking the absolute average the leakages over all the sample points and then CPA is applied on the average values. In Var [26], CPA is performed on the variance of the traces.

C Proof of Lemma 2

A formal proof of the theorem can be found in [27]. However, we will follow the proof of [28]. In Eq. (8), SR is given as,

$$\begin{aligned} SR = \tilde{i}^2\times \frac{|\mathbf {h}'\mathbf {a}|^2}{\mathbf {h}'\mathbf {\Sigma _L}\mathbf {h}} \end{aligned}$$

The term \(\tilde{i}^2\) in the RHS of the above expression does not have any influence when we maximize SR. Thus by neglecting it, we re-write the above expression as

$$\begin{aligned} SR = \frac{|\mathbf {h}'\mathbf {a}|^2}{\mathbf {h}'\mathbf {\Sigma }_{\mathbf {L}}\mathbf {h}} \end{aligned}$$

Now, if \(\mathbf {\Sigma }_{\mathbf {L}}\) is not invertible, a subset of the \(\tau \) sample points of size \(rank(\mathbf {\Sigma }_{\mathbf {L}})\) can be chosen such that the covariance matrix of the chosen sample points is invertible and all the computations can be carried out in this lower dimension. Thus, without loss of generality, we assume \(\mathbf {\Sigma }_{\mathbf {L}}\) is positive definite. Thus, the above expression of SR can be written as

$$\begin{aligned} SR = \frac{|(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h})'(\mathbf {\Sigma }_{\mathbf {L}}^{-1/2}\mathbf {a})|^2}{(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h})'(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h})} \end{aligned}$$

Using the Cauchy-Schwarz inequality on the numerator of the RHS of the above expression, the SR is upper bounded by

$$\begin{aligned} SR&\le \frac{ [(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h})'(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h})] [(\mathbf {\Sigma }_{\mathbf {L}}^{-1/2}\mathbf {a})'(\mathbf {\Sigma }_{\mathbf {L}}^{-1/2}\mathbf {a})] }{ (\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h})'(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h}) }\\&= \mathbf {a}'\mathbf {\Sigma }_{\mathbf {L}}^{-1}\mathbf {a} \end{aligned}$$

And, this upper bound is achieved when \(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h} = \alpha \mathbf {\Sigma }_{\mathbf {L}}^{-1/2}\mathbf {a}\) or \(\mathbf {h} = \alpha \mathbf {\Sigma }_{\mathbf {L}}^{-1} \mathbf {a}\) for some normalization factor \(\alpha \). Setting the value of \(\alpha \) to one, we complete the proof.