
Less is More: Dimensionality Reduction from a Theoretical Perspective

CHES 2015, Saint-Malo, France, Sept 13 - 16. Nicolas Bruneau, Sylvain Guilley, Annelie Heuser, Damien Marion, and Olivier Rioul


  1. Less is More Dimensionality Reduction from a Theoretical Perspective CHES 2015 – Saint-Malo, France – Sept 13 - 16 Nicolas Bruneau, Sylvain Guilley, Annelie Heuser, Damien Marion, and Olivier Rioul

  2. About us... Nicolas BRUNEAU (is also with), Sylvain GUILLEY (is also with), Annelie HEUSER (is PhD fellow at), Damien MARION (is also with), Olivier RIOUL (is also Prof at)
     Institut Mines-Télécom Dimensionality Reduction from a Theoretical Perspective 2 Sept 14, 2015

  3. Overview
     - Introduction
     - Motivation
     - State-of-the-Art & Contribution
     - Notations and Model
     - Optimal..
       - ..distinguisher
       - ..dimension reduction
     - Comparison to..
       - ..PCA
       - ..LDA
     - Numerical Comparison
     - Practical Validation
     - Conclusion

  5. Motivation: large number of samples/points of interest

  7. Motivation
     Problem (profiled and non-profiled side-channel distinguisher): How to reduce dimensionality of multi-dimensional measurements?
     Wish list:
     - simplification of the problem
     - concentration of the information (to distinguish using fewer traces)
     - improvement of the computational speed

  9. State-of-the-Art I
     Selection of points of interest:
     - manual selection of educated guesses [Oswald et al., 2006]
     - automated techniques: sum-of-square differences (SOSD) and t-test (SOST) [Gierlichs et al., 2006]
     - wavelet transforms [Debande et al., 2012]
     Leakage detection metrics:
     - ANOVA (e.g. [Choudary and Kuhn, 2013, Danger et al., 2014]) or [Bhasin et al., 2014] (Normalized Inter-Class Variance (NICV))

  11. State-of-the-Art II
     Principal Component Analysis:
     - compact templates in [Archambeau et al., 2006]
     - reduce traces in [Batina et al., 2012]
     - eigenvalues as a security metric [Guilley et al., 2008]
     - eigenvalues as a distinguisher [Souissi et al., 2010]
     Callouts:
     - maximizing inter-class variance, but not intra-class variance
     - easily and accurately computed with no divisions involved

  12. State-of-the-Art II
     Linear Discriminant Analysis:
     - improved alternative
     - takes inter-class variance and intra-class variance into account
     - empirical comparisons [Standaert and Archambeau, 2008, Renauld et al., 2011, Strobel et al., 2014]
     Callouts:
     - maximizing inter-class variance and intra-class variance
     - not easily and accurately computed with no divisions involved

  13. State-of-the-Art II
     Linear Discriminant Analysis:
     - improved alternative
     - takes inter-class variance and intra-class variance into account
     - empirical comparisons [Standaert and Archambeau, 2008, Renauld et al., 2011, Strobel et al., 2014]
     But..
     - advantages due to the statistical tools, their implementation, data set ...
     - no clear rationale to prefer one method!

  14. Contribution
     - dimensional reduction in SCA from a theoretical viewpoint
     - assuming attacker has full knowledge of the leakage
     - derivation of the optimal dimensionality reduction
     - "Less is more": Advantages of dimensionality reduction can come with no impact on the attack success probability!
     - comparison to PCA and LDA: theoretically and practically

  15. Notations
     - unknown secret key $k^*$, key byte hypothesis $k$
     - $D$ different samples, $d = 1, \ldots, D$
     - $Q$ different traces/queries, $q = 1, \ldots, Q$
     - matrix notation $M^{D,Q}$ ($D$ rows, $Q$ columns)
     - leakage function $\varphi$
     - sensitive variable: $Y_q(k) = \varphi(T_q \oplus k)$ (normalized variance $\forall q$)

  16. Model
     - trace: $X_{d,q} = \alpha_d Y_q(k^*) + N_{d,q}$
     - traces: $X^{D,Q} = \alpha^D Y^Q(k^*) + N^{D,Q}$
     - noise: zero-mean Gaussian distribution, covariance $\Sigma$; independent of $q$ but can be correlated among $d$

  19. Optimal distinguisher
     Data processing theorem [Cover and Thomas, 2006]: Any preprocessing like dimensionality reduction can only decrease information.
     - optimal means optimizing the success rate
     - known leakage model: optimal attack ⇒ template attack
     - maximum likelihood principle
     Given:
     - $Q$ traces of dimensionality $D$ in a matrix $x^{D,Q}$
     - for each trace $x_q^D$: a plaintext/ciphertext $t_q$

  20. Optimal distinguisher

     $$\mathcal{D}(x^{D,Q}, t^Q) = \arg\max_k \; p(x^{D,Q} \mid t^Q, k^* = k) = \arg\max_k \; p_{N^{D,Q}}\big(x^{D,Q} - \alpha^D y^Q(k)\big) = \arg\max_k \prod_{q=1}^{Q} p_{N_q^D}\big(x_q^D - \alpha^D y_q(k)\big)$$

     where

     $$p_{N_q^D}(z^D) = \frac{1}{\sqrt{(2\pi)^D \, |\det \Sigma|}} \exp\left(-\frac{1}{2} (z^D)^T \Sigma^{-1} z^D\right).$$

  22. Optimal dimension reduction
     Theorem: The optimal attack on the multivariate traces $x^{D,Q}$ is equivalent to the optimal attack on the monovariate traces $\tilde{x}^Q$, obtained from $x^{D,Q}$ by the formula:

     $$\tilde{x}_q = (\alpha^D)^T \Sigma^{-1} x_q^D \qquad (q = 1, \ldots, Q).$$

     scalar = column $D$ · $D \times D$ · row $D$

  24. Proof I
     taking the logarithm, the optimal distinguisher $\mathcal{D}(x^{D,Q}, t^Q)$ rewrites

     $$\mathcal{D}(x^{D,Q}, t^Q) = \arg\min_k \sum_{q=1}^{Q} \big(x_q^D - \alpha^D y_q(k)\big)^T \Sigma^{-1} \big(x_q^D - \alpha^D y_q(k)\big).$$

     expansion gives

     $$\underbrace{(x_q^D)^T \Sigma^{-1} x_q^D}_{\text{cst. } C \text{ independent of } k} - 2 (\alpha^D)^T y_q(k) \Sigma^{-1} x_q^D + (y_q(k))^2 (\alpha^D)^T \Sigma^{-1} \alpha^D$$

     $$= C - 2 y_q(k) \left[(\alpha^D)^T \Sigma^{-1} x_q^D\right] + (y_q(k))^2 \left[(\alpha^D)^T \Sigma^{-1} \alpha^D\right]$$

     $$= (\alpha^D)^T \Sigma^{-1} \alpha^D \left( y_q(k) - \frac{(\alpha^D)^T \Sigma^{-1} x_q^D}{(\alpha^D)^T \Sigma^{-1} \alpha^D} \right)^2 + C'.$$

  25. Proof II
     so, for $\mathcal{D}(x^{D,Q}, t^Q)$ we obtain

     $$\mathcal{D}(x^{D,Q}, t^Q) = \arg\min_k \sum_{q=1}^{Q} (\alpha^D)^T \Sigma^{-1} \alpha^D \left( y_q(k) - \frac{(\alpha^D)^T \Sigma^{-1} x_q^D}{(\alpha^D)^T \Sigma^{-1} \alpha^D} \right)^2 = \arg\min_k \sum_{q=1}^{Q} \frac{\big(\tilde{x}_q - y_q(k)\big)^2}{\tilde{\sigma}^2},$$

     where

     $$\tilde{x}_q = \tilde{\sigma}^2 \cdot (\alpha^D)^T \Sigma^{-1} x_q^D, \qquad \tilde{\sigma} = \left( (\alpha^D)^T \Sigma^{-1} \alpha^D \right)^{-1/2}.$$
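The equivalence stated in the theorem and derived in Proof I and II can be checked numerically on simulated traces. The Python below is an added example, not code from the presentation or its authors. It assumes a 4-bit key, a centred Hamming weight for $\varphi$, and constructed values for $\alpha^D$ and the noise factor (`ALPHA`, `CHOL`); all function names are hypothetical.

```python
import random
# Assumed toy parameters (not from the slides): D = 3 samples, 4-bit key.
ALPHA = [0.9, 0.5, 0.2]                                     # alpha^D
CHOL = [[1.0, 0.0, 0.0], [0.6, 0.8, 0.0], [0.3, 0.4, 0.7]]  # Sigma = CHOL CHOL^T
D = len(ALPHA)

def phi(v):
    return bin(v).count("1") - 2.0  # centred 4-bit Hamming weight, variance 1

def mat_inv(m):
    # Gauss-Jordan inverse; Sigma is positive definite, so no pivoting is needed
    n = len(m)
    a = [row[:] + [float(i == j) for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        piv = a[c][c]
        a[c] = [v / piv for v in a[c]]
        for r in range(n):
            if r != c:
                f = a[r][c]
                a[r] = [vr - f * vc for vr, vc in zip(a[r], a[c])]
    return [row[n:] for row in a]

SIGMA = [[sum(CHOL[i][k] * CHOL[j][k] for k in range(D)) for j in range(D)] for i in range(D)]
SINV = mat_inv(SIGMA)
W = [sum(ALPHA[i] * SINV[i][j] for i in range(D)) for j in range(D)]  # alpha^T Sigma^-1
SIG2 = 1.0 / sum(w * a for w, a in zip(W, ALPHA))                     # sigma-tilde^2

def simulate(key, n_traces, seed=1):
    # Constructed traces: x_q = alpha * phi(t_q ^ key) + correlated Gaussian noise
    rng, traces = random.Random(seed), []
    for _ in range(n_traces):
        t = rng.randrange(16)
        g = [rng.gauss(0, 1) for _ in range(D)]
        noise = [sum(CHOL[i][k] * g[k] for k in range(D)) for i in range(D)]
        traces.append((t, [ALPHA[d] * phi(t ^ key) + noise[d] for d in range(D)]))
    return traces

def score_full(traces, k):
    # Multivariate: sum_q z^T Sigma^-1 z with z = x_q - alpha * y_q(k)
    zs = [[xd - a * phi(t ^ k) for xd, a in zip(x, ALPHA)] for t, x in traces]
    return sum(z[i] * SINV[i][j] * z[j] for z in zs for i in range(D) for j in range(D))

def score_reduced(traces, k):
    # Monovariate: sum_q (x~_q - y_q(k))^2 / sigma~^2, x~_q = sigma~^2 * alpha^T Sigma^-1 x_q
    xt = [(t, SIG2 * sum(w * v for w, v in zip(W, x))) for t, x in traces]
    return sum((v - phi(t ^ k)) ** 2 / SIG2 for t, v in xt)

def rank(score, traces):
    return sorted(range(16), key=lambda k: score(traces, k))  # arg min first
```

For any trace set, `score_full` and `score_reduced` differ only by a constant that does not depend on `k`, so `rank` returns the same key ordering for both.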
