Abstract
Notations. Throughout this chapter we use the same notations as above (see Sect. 2.1). Recall that, during an attack, we consider that the adversary targets the manipulation of a single sensitive variable Z, such that \(Z=F(X,k)\). Typically \(Z=sbox(X\oplus k)\), where \(sbox\) denotes a substitution box and \(\oplus \) denotes the bitwise addition. The attack is carried out with N traces \(\vec {l}_0\), ..., \(\vec {l}_{N-1}\). Each \(\vec {l_i}\hookleftarrow \vec {L}\) corresponds to the processing of \(z_i=F(x_i,k)\). The number of samples per trace (instantaneous leakage points) is denoted by D.
Notes
1. This assumption is reasonable when the code or the hardware is reused; this occurs in practice for the sake of cost overhead mitigation.
2. Note that we employ the notation \({{\,\mathrm{argmin}\,}}_{k^{(\cdot )}} \min _\phi \), which suggests that, first of all, a minimization on \(\phi \) is performed for a set of vectorial keys \(k^{(\cdot )}\), and then that the minimal value for all \(k^{(\cdot )}\) is sought, and the corresponding key set is returned. But actually, the minimization is not forced to be in this order, as \(k^{(\cdot )}\in (\mathbb {F}_2^n)^W\) and \(\phi :\mathbb {F}_2^n\rightarrow \mathbb {R}\) are independent variables.
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ouladj, M., Guilley, S. (2021). Coalescence Principle. In: Side-Channel Analysis of Embedded Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-77222-2_7
DOI: https://doi.org/10.1007/978-3-030-77222-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77221-5
Online ISBN: 978-3-030-77222-2
eBook Packages: Computer Science, Computer Science (R0)