How to Choose Interesting Points for Template Attacks More Effectively?

Abstract

Template attacks are widely accepted to be the most powerful side-channel attacks from an information theoretic point of view. For template attacks to be practical, one needs to choose some special samples as the interesting points in actual power traces. Up to now, many different approaches were introduced for choosing interesting points for template attacks. However, it is unknown that whether or not the previous approaches of choosing interesting points will lead to the best classification performance of template attacks. In this work, we give a negative answer to this important question by introducing a practical new approach which has completely different basic principle compared with all the previous approaches. Our new approach chooses the point whose distribution of samples approximates to a normal distribution as the interesting point. Evaluation results exhibit that template attacks based on the interesting points chosen by our new approach can achieve obvious better classification performance compared with template attacks based on the interesting points chosen by the previous approaches. Therefore, our new approach of choosing interesting points should be used in practice to better understand the practical threats of template attacks.

Appendix A: The Proof of Lemma 2

Proof:

For simplicity, we only consider the case when \(N=2\). For the case \(N>2\), this Lemma holds similarly.

Let \((\xi ,\eta )\) denote a 2 dimensional random vector. The continuous distribution function and the probability density function of the 2 dimensional random vector respectively are F(x, y) and p(x, y). Then, the marginal distribution functions are as follows:

$$ F_1(x)=\int ^x_{-\infty }\int ^{\infty }_{-\infty }p(u,y)dudy,~F_2(y)=\int ^{\infty }_{-\infty }\int ^y_{-\infty }p(x,u)dxdu. $$

The marginal density functions are as follows:

$$\begin{aligned} p_1(x)=\int ^{\infty }_{-\infty }p(x,y)dy,~p_2(y)=\int ^{\infty }_{-\infty }p(x,y)dx. \end{aligned}$$

For 2 dimensional multivariate Gaussian distribution, it has that

$$ p(x,y)=\frac{1}{2\pi |\mathbf C |}exp\Big \{-\frac{1}{2}(x-a,y-b)\cdot \mathbf C ^{-1}\cdot (x-a,y-b)^{T}\Big \}, $$

where

$$ \mathbf C =\left( \begin{array}{cc} \sigma ^2_1 &{} r\sigma _1\sigma _2 \\ r\sigma _1\sigma _2 &{} \sigma ^2_2 \\ \end{array} \right) $$

and the values \(a,b,\sigma _1,\sigma _2,r\) are constant, \(\sigma _1>0,\sigma _2>0,|r|<1\). The probability density function p(x, y) can be rewritten as follows

$$\begin{aligned} p(x,y)= & {} \frac{1}{2\pi \sigma _1\sigma _2\sqrt{1-r^2}}exp\Big \{-\frac{1}{2(1-r^2)}\cdot \Big [\frac{(x-a)^2}{\sigma ^2_1}\\&\quad -\frac{2r(x-a)(y-b)}{\sigma _1\sigma _2}+\frac{(y-b)^2}{\sigma ^2_2}\Big ]\Big \}. \end{aligned}$$

Let

$$ \frac{x-a}{\sigma _1}=u,\frac{y-b}{\sigma _2}=v $$

and it has that

$$\begin{aligned} p_1(x)=\int ^{\infty }_{-\infty }p(x,y)dy \end{aligned}$$

$$\begin{aligned} =\frac{1}{2\pi \sigma _1\sqrt{1-r^2}}\int ^{\infty }_{-\infty }exp\Big \{-\frac{1}{2(1-r^2)}\cdot [u^2-2ruv+v^2]\Big \}dv \end{aligned}$$

$$\begin{aligned} =\frac{1}{\sqrt{2\pi }\sigma _1}e^{-u^2/2}\int ^{\infty }_{-\infty }\frac{1}{\sqrt{2\pi (1-r^2)}}\cdot exp\Big \{-\frac{r^2u^2-2ruv+v^2}{2(1-r^2)}\Big \}dv \end{aligned}$$

$$\begin{aligned} =\frac{1}{\sqrt{2\pi }\sigma _1}e^{-u^2/2}\int ^{\infty }_{-\infty }\frac{1}{\sqrt{2\pi (1-r^2)}}e^{-(v-ru)^2/2(1-r^2)}dv \end{aligned}$$

$$\begin{aligned} =\frac{1}{\sqrt{2\pi }\sigma _1}e^{-u^2/2}=\frac{1}{\sqrt{2\pi }\sigma _1}e^{-(x-a)^2/2\sigma ^2_1}. \end{aligned}$$

Therefore, \(p_1(x)\) is the probability density function of the normal distribution \(\mathcal {N}(a,\sigma ^2_1)\). Similarly, we can prove that

$$\begin{aligned} p_2(y)=\frac{1}{\sqrt{2\pi }\sigma _2}e^{-(x-b)^2/2\sigma ^2_2}. \end{aligned}$$

In this way, Lemma 2 is proven. \(\square \)