
The bias–variance decomposition in profiled attacks

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Profiled attacks challenge the security of cryptographic devices in the worst-case scenario. We elucidate the reasons underlying the success of different profiled attacks (which depend essentially on the context) based on the well-known bias–variance tradeoff developed in the machine learning field. Our approach can easily be extended to non-profiled attacks. We show (1) how to decompose the error rate of an attack into three additive components based on the bias–variance decomposition, and (2) how to reduce the error rate of a model based on the bias–variance diagnostic. Intuitively, we show that different models having the same error rate require different strategies (according to the bias–variance decomposition) to reduce their errors. More precisely, the success rate of a strategy depends on several criteria such as its complexity, the leakage information and the number of points per trace. As a result, a suboptimal strategy in a specific context can lead the adversary to overestimate the security level of the cryptographic device. Our results also bring warnings related to the estimation of the success rate of a profiled attack that can lead the evaluator to underestimate the security level. In brief, certifying that a chip leaks (or does not leak) sensitive information is a hard, if not impossible, task.
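As an added example (not code from the paper, whose experiments and figures are not reproduced on this page), the following Python script applies the two-class zero-one-loss decomposition of Domingos (2000) to three profiled models on constructed leakage traces. The leakage generator (each of D points shifts by DELTA when the target bit is 1, plus Gaussian noise), the three models (a Gaussian template on all points, the same template restricted to one point, and 1-nearest-neighbour) and every constant are illustrative assumptions. The Bayes-optimal prediction is known exactly because the script owns the generator, which is what makes the noise component computable rather than only estimable.

```python
"""Bias/variance diagnostic for profiled attacks on constructed leakage traces.

Added example, not code from the paper: the generator, the models and all constants
are illustrative assumptions.  Two-class zero-one loss decomposition (Domingos, 2000)
for one trace x, averaged over the label t and the profiling set D:
    E[L(t, y_D(x))] = c1(x) N(x) + B(x) + c2(x) V(x)
  N = P_t[t != y*(x)]   (y* = Bayes-optimal label, known exactly because we own the generator)
  B = L(y*(x), y_m(x))  (y_m = majority vote of the model over the profiling sets)
  V = P_D[y_D(x) != y_m(x)],  c1 = 2 P_D[y_D(x) = y*(x)] - 1,  c2 = +1 if y_m = y* else -1
"""
import math
import random

D = 4          # points per trace
DELTA = 1.0    # shift of every point when the target bit is 1 (signal)
SIGMA = 1.0    # Gaussian noise standard deviation
N_TRAIN = 20   # traces per profiling set, kept small so that variance is visible
K_SETS = 51    # independent profiling sets (odd: no majority-vote ties)
N_TEST = 200   # traces on which the decomposition is averaged


def sample_trace(rng, bit):
    """Constructed leakage: each point is bit*DELTA plus independent Gaussian noise."""
    return [bit * DELTA + rng.gauss(0.0, SIGMA) for _ in range(D)]


def sample_profiling_set(rng, n):
    """Balanced labelled profiling set as a list of (trace, bit)."""
    bits = [i % 2 for i in range(n)]
    rng.shuffle(bits)
    return [(sample_trace(rng, b), b) for b in bits]


def posterior_bit1(x):
    """Exact P(bit = 1 | x) under the generator (spherical Gaussians, equal priors)."""
    llr = sum(DELTA * xi - DELTA * DELTA / 2.0 for xi in x) / (SIGMA * SIGMA)
    return 1.0 / (1.0 + math.exp(-llr))


def train_template(data, dims):
    """Gaussian template with identity covariance on the points `dims`: nearest class mean."""
    means = {}
    for b in (0, 1):
        rows = [x for x, t in data if t == b]
        means[b] = [sum(r[i] for r in rows) / len(rows) for i in dims]

    def predict(x):
        dist = [sum((x[i] - m) ** 2 for i, m in zip(dims, means[b])) for b in (0, 1)]
        return 0 if dist[0] <= dist[1] else 1
    return predict


def train_1nn(data):
    """1-nearest-neighbour on all points: memorises the profiling set (high variance)."""
    def predict(x):
        return min(data, key=lambda row: sum((a - c) ** 2 for a, c in zip(row[0], x)))[1]
    return predict


MODELS = {
    "template, all points": lambda data: train_template(data, list(range(D))),
    "template, 1 point": lambda data: train_template(data, [0]),
    "1-NN, all points": train_1nn,
}


def decompose(train, profiling_sets, test):
    """Average the per-trace decomposition over `test`; returns one value per component."""
    predictors = [train(s) for s in profiling_sets]
    k = len(predictors)
    tot = dict.fromkeys(("noise", "bias", "variance", "net_variance", "error", "decomposed"), 0.0)
    for x in test:
        p1 = posterior_bit1(x)
        y_star = 1 if p1 >= 0.5 else 0
        noise = 1.0 - max(p1, 1.0 - p1)
        votes = [predict(x) for predict in predictors]
        y_m = 1 if votes.count(1) > k / 2 else 0
        q = votes.count(y_star) / k                 # P_D[y_D = y*]
        bias = 0.0 if y_m == y_star else 1.0
        var = votes.count(1 - y_m) / k              # P_D[y_D != y_m]
        c1, c2 = 2.0 * q - 1.0, (1.0 if bias == 0.0 else -1.0)
        tot["noise"] += noise
        tot["bias"] += bias
        tot["variance"] += var
        tot["net_variance"] += c2 * var
        tot["decomposed"] += c1 * noise + bias + c2 * var
        # direct expectation of the 0-1 loss over t and D, used to check the identity
        tot["error"] += (1.0 - noise) * (1.0 - q) + noise * q
    return {key: v / len(test) for key, v in tot.items()}


def run(seed=1):
    """Same profiling sets and test traces for every model, so the components are comparable."""
    rng = random.Random(seed)
    sets = [sample_profiling_set(rng, N_TRAIN) for _ in range(K_SETS)]
    test = [sample_trace(rng, rng.randrange(2)) for _ in range(N_TEST)]
    return {name: decompose(train, sets, test) for name, train in MODELS.items()}


if __name__ == "__main__":
    for name, r in run().items():
        print(f"{name:21s} error={r['error']:.3f} noise={r['noise']:.3f} bias={r['bias']:.3f} "
              f"variance={r['variance']:.3f} (net {r['net_variance']:+.3f})")
```

Running the script prints one line per model. The decomposed sum always equals the directly computed error (the identity is exact per trace), and the noise term is the same for every model since it depends only on the traces, but the remainder is split very differently: the one-point template is bias-dominated, so collecting more profiling traces will not help and the adversary needs more or better-chosen points per trace, whereas 1-NN is variance-dominated and improves with more profiling traces or a smoother model. Reading only the error column hides this, which is the diagnostic the abstract refers to.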




Author information

Correspondence to Liran Lerman.


Cite this article

Lerman, L., Bontempi, G. & Markowitch, O. The bias–variance decomposition in profiled attacks. J Cryptogr Eng 5, 255–267 (2015). https://doi.org/10.1007/s13389-015-0106-1
