Attacking Masked Cryptographic Implementations: Information-Theoretic Bounds
Wei Cheng, Yi Liu, Sylvain Guilley, Olivier Rioul

TL;DR
This paper derives information-theoretic bounds on the effectiveness of side-channel attacks on masked cryptographic implementations, providing a fundamental understanding of security limits based on leakage and masking models.
Contribution
It introduces generic bounds on attack success rates for masked cryptography using mutual information, independent of specific attack strategies.
Findings
Bounds match the performance of optimal maximum likelihood attacks
Numerical evaluations validate the bounds' practical relevance
Provides a theoretical framework for assessing side-channel security
Abstract
Measuring the information leakage is critical for evaluating the practical security of cryptographic devices against side-channel analysis. Information-theoretic measures can be used (along with Fano's inequality) to derive upper bounds on the success rate of any possible attack in terms of the number of side-channel measurements. Equivalently, this gives lower bounds on the number of queries for a given success probability of attack. In this paper, we consider cryptographic implementations protected by (first-order) masking schemes, and derive several information-theoretic bounds on the efficiency of any (second-order) attack. The obtained bounds are generic in that they do not depend on a specific attack but only on the leakage and masking models, through the mutual information between side-channel measurements and the secret key. Numerical evaluations confirm that our bounds reflect…
Taxonomy
Topics: Cryptographic Implementations and Security · Security and Verification in Computing · Network Security and Intrusion Detection
