
Computational aspects of correlation power analysis

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Since the discovery of simple power attacks, the cryptographic research community has developed significantly more advanced attack methods. The idea behind most algorithms remains to perform a statistical analysis by correlating the power trace obtained when executing a cryptographic primitive to a key-dependent guess. With the advancements of cryptographic countermeasures, it is not uncommon that sophisticated (higher order) power attacks require computation on many millions of power traces to find the desired correlation. In this paper, we study the computational aspects of calculating the most widely used correlation coefficient: the Pearson product-moment correlation coefficient. We study various time–memory trade-off techniques which apply specifically to the cryptologic setting and present methods to extend already completed computations using incremental versions. Moreover, we show how this technique can be applied to second-order attacks, reducing the attack cost significantly when adding new traces to an existing dataset. We also present methods which allow one to split the potentially huge trace set into smaller, more manageable chunks to reduce the memory requirements. Our parallel implementation of these techniques highlights the benefits of this approach as it allows efficient computations on power measurements consisting of hundreds of gigabytes on a single modern workstation.
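The abstract's central computational idea is that the Pearson coefficient between a key-dependent model value and every sample point of a trace set can be maintained as a handful of running sums, so new traces extend an existing result and disjoint chunks of a huge set can be processed separately and merged. The following Python sketch is an added example written for this page; it is not the paper's own implementation and does not reproduce its second-order variant. The `IncrementalPearson` class, the `demo` driver and the synthetic dataset (a constructed model value per trace, one sample point carrying that value plus Gaussian noise) are all assumptions for illustration.

```python
import math
import random


class IncrementalPearson:
    """Running-sum state for the Pearson correlation between one model value
    per trace (x) and every sample point of the trace (y_j).

    Only O(number of sample points) state is kept, so traces can be streamed
    in chunks and discarded; this is an illustrative design, not the paper's code.
    """

    def __init__(self, n_samples):
        self.n = 0
        self.sx = 0.0
        self.sxx = 0.0
        self.sy = [0.0] * n_samples
        self.syy = [0.0] * n_samples
        self.sxy = [0.0] * n_samples

    def update(self, hyps, traces):
        """Fold in a chunk: hyps[i] is the model value of trace i, traces[i] its samples."""
        for x, trace in zip(hyps, traces):
            self.n += 1
            self.sx += x
            self.sxx += x * x
            for j, y in enumerate(trace):
                self.sy[j] += y
                self.syy[j] += y * y
                self.sxy[j] += x * y
        return self

    def merge(self, other):
        """Combine two accumulators built from disjoint chunks (e.g. by parallel workers)."""
        out = IncrementalPearson(len(self.sy))
        out.n = self.n + other.n
        out.sx = self.sx + other.sx
        out.sxx = self.sxx + other.sxx
        out.sy = [a + b for a, b in zip(self.sy, other.sy)]
        out.syy = [a + b for a, b in zip(self.syy, other.syy)]
        out.sxy = [a + b for a, b in zip(self.sxy, other.sxy)]
        return out

    def correlation(self):
        """Pearson coefficient per sample point from the running sums."""
        n = self.n
        var_x = n * self.sxx - self.sx ** 2
        coeffs = []
        for sy, syy, sxy in zip(self.sy, self.syy, self.sxy):
            var_y = n * syy - sy ** 2
            denom = math.sqrt(var_x * var_y) if var_x > 0 and var_y > 0 else 0.0
            coeffs.append((n * sxy - self.sx * sy) / denom if denom > 0 else 0.0)
        return coeffs


def pearson_direct(xs, ys):
    """Textbook two-pass Pearson coefficient; used only as a reference value."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sdx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sdy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sdx * sdy)


def make_dataset(n_traces, n_samples, leak_point, seed=1):
    """Constructed synthetic data: a model value in 0..8 per trace and a noisy
    trace whose sample `leak_point` carries 0.5 times that value."""
    rng = random.Random(seed)
    hyps, traces = [], []
    for _ in range(n_traces):
        h = rng.randint(0, 8)
        trace = [rng.gauss(0.0, 1.0) for _ in range(n_samples)]
        trace[leak_point] += 0.5 * h
        hyps.append(h)
        traces.append(trace)
    return hyps, traces


def demo(n_traces=2000, n_samples=16, leak_point=5, chunk=500):
    """Stream the trace set in chunks into separate accumulators, merge them,
    and compare against the direct two-pass computation over the whole set.
    Returns (chunked coefficients, direct coefficients, max abs error, argmax)."""
    hyps, traces = make_dataset(n_traces, n_samples, leak_point)
    parts = []
    for start in range(0, n_traces, chunk):
        acc = IncrementalPearson(n_samples)
        acc.update(hyps[start:start + chunk], traces[start:start + chunk])
        parts.append(acc)
    merged = parts[0]
    for part in parts[1:]:
        merged = merged.merge(part)
    chunked = merged.correlation()
    direct = [pearson_direct(hyps, [t[j] for t in traces]) for j in range(n_samples)]
    max_err = max(abs(a - b) for a, b in zip(chunked, direct))
    best = max(range(n_samples), key=lambda j: abs(chunked[j]))
    return chunked, direct, max_err, best


if __name__ == "__main__":
    _, _, err, best = demo()
    print(f"max deviation from two-pass result: {err:.2e}; strongest sample point: {best}")
```

The point of the sketch is that `update` on an existing accumulator is exactly the "extend an already completed computation" case and `merge` is the "split the trace set into chunks" case, and both reproduce the two-pass result. The sum-of-products form used here is the simplest one; for very large sets in single precision it loses accuracy through cancellation in `n*sxx - sx**2`, which is why an evaluator building a real tool would prefer a mean-and-deviation (Welford-style) update, kept in double precision.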



Notes

  1. This also aids security evaluators to measure the minimum number of traces required to launch a successful attack.


Acknowledgments

We wish to thank Arjen K. Lenstra, Robert Granger, Ventzislav Nikov, and Miroslav Knezevic for fruitful discussions and proofreading an earlier version of this work. Furthermore, we wish to thank the anonymous JCEN reviewers for their useful comments.

Author information

Corresponding author

Correspondence to Joppe W. Bos.

Additional information

This work was done while Paul Bottinelli was an intern in the innovation center crypto & security at NXP Semiconductors.


About this article


Cite this article

Bottinelli, P., Bos, J.W. Computational aspects of correlation power analysis. J Cryptogr Eng 7, 167–181 (2017). https://doi.org/10.1007/s13389-016-0122-9

