Design Article
Defending against side-channel attacks - Part 3
Gilbert Goodwill, Cryptography Research, Inc.
10/3/2012 5:52 AM EDT
4.3 Description of the t-tests
Each test is performed as follows:
1. Specification of data to be used: The evaluator specifies what the set of traces must be used for the test. The set of traces are divided into two disjoint groups, Group 1 and Group 2. These are the two disjoint data sets for performing the two independent Welch’s t-tests.
2. Group 1 test:
a. Based on the algorithm being tested, the evaluator specifies a partitioning of the traces in Group 1 into two subsets A and B. This partitioning is algorithm-specific, and selected to highlight calculations likely to have problems. Let NA and NB be the size of the subsets A and B.
b. Compute XA, the average of all the traces in group A; XB, the average of all traces in group B; SA, the sample standard deviation of all the traces in group A; and SB, the sample standard deviation of all the traces in group B. Note that, as each trace is a vector of measurements across time, and the average and sample standard deviations of the traces are also vectors over the same points in time.
That is, the averages and sample standard deviations are computed point-wise within the traces for each point in time.
c. Compute the t-statistic trace T (over the same time instants) as
.jpg)
Note that the above calculation is performed point-wise, for each time instant in the traces for XA, XB, SA and SB.
d. Note the time instants in the t-test statistic trace T, where the value exceeds the confidence threshold ±C, where C is specified in the evaluator.
3. Group 2 test: The testing steps are the same as those for Group 1, except that the measurement traces, and its subsets A and B will be different. Again the time instants where the t-static trace computed over Group 2, exceeds the threshold ±C are noted.
If there is any point in time for which the t-test statistic exceeds ±C for both Group 1 and Group 2, the device fails. Otherwise, the device passes this test. In some cases, the evaluator may specify a particular region in the trace to consider for a particular test. For example, the test may require that only the time-instances corresponding to the middle third of the AES calculation be used to determine pass/fail.
Each test is performed as follows:
1. Specification of data to be used: The evaluator specifies what the set of traces must be used for the test. The set of traces are divided into two disjoint groups, Group 1 and Group 2. These are the two disjoint data sets for performing the two independent Welch’s t-tests.
2. Group 1 test:
a. Based on the algorithm being tested, the evaluator specifies a partitioning of the traces in Group 1 into two subsets A and B. This partitioning is algorithm-specific, and selected to highlight calculations likely to have problems. Let NA and NB be the size of the subsets A and B.
b. Compute XA, the average of all the traces in group A; XB, the average of all traces in group B; SA, the sample standard deviation of all the traces in group A; and SB, the sample standard deviation of all the traces in group B. Note that, as each trace is a vector of measurements across time, and the average and sample standard deviations of the traces are also vectors over the same points in time.
That is, the averages and sample standard deviations are computed point-wise within the traces for each point in time.
c. Compute the t-statistic trace T (over the same time instants) as
Note that the above calculation is performed point-wise, for each time instant in the traces for XA, XB, SA and SB.
d. Note the time instants in the t-test statistic trace T, where the value exceeds the confidence threshold ±C, where C is specified in the evaluator.
3. Group 2 test: The testing steps are the same as those for Group 1, except that the measurement traces, and its subsets A and B will be different. Again the time instants where the t-static trace computed over Group 2, exceeds the threshold ±C are noted.
If there is any point in time for which the t-test statistic exceeds ±C for both Group 1 and Group 2, the device fails. Otherwise, the device passes this test. In some cases, the evaluator may specify a particular region in the trace to consider for a particular test. For example, the test may require that only the time-instances corresponding to the middle third of the AES calculation be used to determine pass/fail.
|
|
|
|
|
Navigate to related information