Perceived Information Revisited II

Information-Theoretical Analysis of Deep-Learning Based Side-Channel Attacks

Authors

  • Akira Ito NTT Social Informatics Laboratories, Nippon Telegraph and Telephone Corporation, 3–9–11 Midori-cho, Musashino-shi, Tokyo, 180-8585, Japan
  • Rei Ueno Kyoto University, Yoshidahommachi, Sakyo-ku, Kyoto, 606-8501, Japan
  • Naofumi Homma Tohoku University, 2–1–1 Katahira, Aoba-ku, Sendai-shi, Miyagi, 980-8577, Japan

DOI:

https://doi.org/10.46586/tches.v2025.i1.450-474

Keywords:

Profiled side-channel attacks, Perceived information, Success rate, Deep learning, Information theory

Abstract

Previous studies on deep-learning-based side-channel attacks (DL-SCAs) have shown that traditional performance evaluation metrics commonly used in DL, like accuracy and F1 score, are not effective in evaluating DL-SCA performance. Therefore, some previous studies have proposed new alternative metrics for evaluating the performance of DL-SCAs. Notably, perceived information (PI) and effective perceived information (EPI) are major metrics based on information theory. While it has been experimentally confirmed that these metrics can give the attack success rate (SR) for DL-SCAs, their theoretical validity remains unclear.

In this paper, we propose a new theoretically valid performance evaluation metric called latent perceived information (LPI), which serves as an alternative to the existing metrics. LPI is defined as the mutual information between the output of the feature extractor of a neural network (NN) model and the intermediate value, representing the potential attack performance of the trained model. First, we prove that LPI provides an upper bound on the SR of a DL-SCA by modeling and formulating DL-SCA as a communication channel. Additionally, we clarify the conditions under which PI and EPI theoretically provide an upper bound on the SR from the perspective of LPI. For practical computation of LPI, we present two methods. One utilizes the Kraskov (KSG) estimator, a common mutual information estimator, and the other is based on logistic regression. While the KSG estimator is computationally intensive, it yields accurate LPI values. In contrast, the logistic regression is faster but provides a lower bound for LPI. Through experimental attacks on AES software and hardware implementations with masking countermeasures, we demonstrate that the LPI values estimated by these two methods are significantly similar, indicating the reliability and soundness of our proposed estimation techniques. Furthermore, we show that, by using the logistic regression as a classifier, we can significantly improve the attack performance of the trained model when the difference between the SR upper bound by the LPI and its actual SR is large. This indicates that LPI represents the potential for performance improvement in the trained model. Therefore, our study contributes to optimizing the distinguisher for attack performance using the trained model.

Downloads

Published

2024-12-09

Issue

Vol. 2025 No. 1

Section

Articles

License

Copyright (c) 2024 Akira Ito, Rei Ueno, Naofumi Homma

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Perceived Information Revisited II: Information-Theoretical Analysis of Deep-Learning Based Side-Channel Attacks. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(1), 450-474. https://doi.org/10.46586/tches.v2025.i1.450-474