A Fast and Accurate Guessing Entropy Estimation Algorithm for Full-key Recovery

Authors

  • Ziyue Zhang Department of Math., Northeastern University, Boston, MA, USA
  • A. Adam Ding Department of Math., Northeastern University, Boston, MA, USA
  • Yunsi Fei Department of Math., Northeastern University, Boston, MA, USA

DOI:

https://doi.org/10.13154/tches.v2020.i2.26-48

Keywords:

Side-channel analysis, guessing entropy, i-th order success rate, multivariate-Gaussian distribution, additive score distinguisher

Abstract

Guessing entropy (GE) is a widely adopted metric that measures the average computational cost needed for a successful side-channel analysis (SCA). However, with current estimation methods where the evaluator has to average the correct key rank over many independent side-channel leakage measurement sets, full-key GE estimation is impractical due to its prohibitive computing requirement. A recent estimation method based on posterior probabilities, although scalable, is not accurate.
We propose a new guessing entropy estimation algorithm (GEEA) based on theoretical distributions of the ranking score vectors. By discovering the relationship of GE with pairwise success rates and utilizing it, GEEA uses a sum of many univariate Gaussian probabilities instead of multi-variate Gaussian probabilities, significantly improving the computation efficiency.
We show that GEEA is more accurate and efficient than all current GE estimations. To the best of our knowledge, it is the only practical full-key GE evaluation on given experimental data sets which the evaluator has access to. Moreover, it can accurately predict the GE for larger sizes than the experimental data sets, providing comprehensive security evaluation.

Downloads

Published

2020-03-02

Issue

Section

Articles

How to Cite

Zhang, Z., Ding, A. A., & Fei, Y. (2020). A Fast and Accurate Guessing Entropy Estimation Algorithm for Full-key Recovery. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2), 26-48. https://doi.org/10.13154/tches.v2020.i2.26-48