Attacking Masked Cryptographic Implementations: Information-Theoretic Bounds
This work addresses security evaluation for cryptographic devices, providing generic bounds that are incremental but useful for assessing practical vulnerabilities.
The paper tackles the problem of evaluating side-channel attack efficiency on masked cryptographic implementations by deriving information-theoretic bounds on attack success rates and required measurements, with numerical evaluations showing these bounds align with optimal attack performance.
Measuring the information leakage is critical for evaluating the practical security of cryptographic devices against side-channel analysis. Information-theoretic measures can be used (along with Fano's inequality) to derive upper bounds on the success rate of any possible attack in terms of the number of side-channel measurements. Equivalently, this gives lower bounds on the number of queries for a given success probability of attack. In this paper, we consider cryptographic implementations protected by (first-order) masking schemes, and derive several information-theoretic bounds on the efficiency of any (second-order) attack. The obtained bounds are generic in that they do not depend on a specific attack but only on the leakage and masking models, through the mutual information between side-channel measurements and the secret key. Numerical evaluations confirm that our bounds reflect the practical performance of optimal maximum likelihood attacks.