Points of Interest in Template Attack and CW305 ECC

Dear all,

  1. In a template attack, it always surprises me that we can find POIs using the pairwise differences between average traces. How can these POIs show up? Is there any theory predicting that POIs would be revealed in this way?

  2. In CW305 ECC, we try to find the points at which bit 1 and bit 0 differ from each other the most; to do so, we use their respective average traces. Similar to 1., how can this work? Why would the differences between average traces reveal the distinctions between bit 1 and bit 0?

Alan.

Hi Alan,

1- I’m not sure I understand your question; this is the root of side-channel leakage, isn’t it? Code execution depends on some secret, and POIs are points in time where power differences stemming from the secret-dependent code execution can be observed. As for predicting POIs – they will occur whenever secret-dependent code is being run. The trick, for an attacker, is in leveraging that for an efficient attack; or for a defender, to reduce the leakage to the point where an efficient attack is no longer possible.

2- In the CW305 ECC demo we use trace averaging to average out the “noise”, essentially. In the case of ECC, we’re looking at a multiplication between two operands, one of which is secret. The power consumption depends on both operands. By averaging many traces with the secret operand constant and the public operand variable, we can average out the public operand’s contribution to the power consumption.

Jean-Pierre

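To make the two answers above concrete, here is an added worked example; it is not code from this thread, from the ChipWhisperer tutorials, or from the CW305 ECC demo. It uses a constructed synthetic leakage model (an assumption: a few samples depend on the secret, a few others depend on a public operand that changes every trace, and everything sits in Gaussian noise). Traces are sorted by the secret value, averaged per class, and the sum of absolute pairwise differences between class averages is scored per sample. With two classes (scalar bit 0 versus bit 1) that score is just the difference of the two averages, which is the CW305 ECC case; with more classes (for example Hamming weight of an intermediate) it is the template-attack POI selection of question 1. The public-operand samples average out because their expected contribution is the same in every class, while the secret-dependent samples survive as the POIs.

```python
import random
from itertools import combinations

# Constructed synthetic leakage model (an assumption for this example, not the
# CW305 demo's real traces): each trace has N_SAMPLES power samples, a
# secret-dependent term at SECRET_POINTS, a public-operand-dependent term at
# PUBLIC_POINTS, and Gaussian noise at every sample.
N_SAMPLES = 64
SECRET_POINTS = (12, 40)
PUBLIC_POINTS = (20, 50)


def synth_trace(secret_class, public_word, rng, noise=0.5):
    """One simulated trace. secret_class is the value we later sort by
    (0/1 for a scalar bit, or e.g. a Hamming weight for a template attack).
    public_word is the per-trace public operand, drawn freshly for every trace."""
    trace = [rng.gauss(0.0, noise) for _ in range(N_SAMPLES)]
    hw_public = bin(public_word).count("1")
    for p in PUBLIC_POINTS:          # leaks in every trace, independent of the secret
        trace[p] += 0.2 * hw_public
    for p in SECRET_POINTS:          # the only samples whose mean depends on the secret
        trace[p] += 0.5 * secret_class
    return trace


def collect(n_classes, traces_per_class, seed=1):
    """Simulate an acquisition: the secret class is held fixed for a batch while
    the public operand varies from trace to trace (hypothetical 8-bit operand)."""
    rng = random.Random(seed)
    return {
        c: [synth_trace(c, rng.getrandbits(8), rng) for _ in range(traces_per_class)]
        for c in range(n_classes)
    }


def mean_trace(traces):
    n = len(traces)
    return [sum(t[i] for t in traces) / n for i in range(N_SAMPLES)]


def pairwise_diff_sum(traces_by_class):
    """Per-sample sum over all class pairs of |mean_a[i] - mean_b[i]|.
    With two classes this is simply |mean_1 - mean_0|, the bit 0 / bit 1 case."""
    means = {c: mean_trace(t) for c, t in traces_by_class.items()}
    score = [0.0] * N_SAMPLES
    for a, b in combinations(means, 2):
        for i in range(N_SAMPLES):
            score[i] += abs(means[a][i] - means[b][i])
    return score


def select_pois(score, n_pois, min_spacing=3):
    """Greedy top-n selection with a minimum distance between chosen samples,
    so that neighbouring samples of one wide peak are not all picked."""
    order = sorted(range(len(score)), key=lambda i: score[i], reverse=True)
    pois = []
    for i in order:
        if all(abs(i - p) >= min_spacing for p in pois):
            pois.append(i)
        if len(pois) == n_pois:
            break
    return sorted(pois)


def find_pois(n_classes=2, traces_per_class=200, n_pois=2):
    """Returns (selected POIs, per-sample score) for the synthetic traces."""
    traces_by_class = collect(n_classes, traces_per_class)
    score = pairwise_diff_sum(traces_by_class)
    return select_pois(score, n_pois), score


if __name__ == "__main__":
    pois, score = find_pois()
    print("selected POIs:", pois, "| planted secret-dependent samples:", SECRET_POINTS)
    print("score at public-operand samples:",
          [round(score[p], 3) for p in PUBLIC_POINTS])
```

Running it with two classes recovers the two planted secret-dependent samples, and the score at the public-operand samples stays near zero even though those samples carry a strong signal in every individual trace. The `min_spacing` guard matters on real hardware, where a leaky operation spans several adjacent samples and would otherwise consume all the POI slots with one peak.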
Hi Jean,

Thanks, you really helped me a lot; after these discussions, I have gained a clearer view of what I'm doing.
So can we regard the points found in 2 as POIs?

Alan.

Yes, absolutely!
Regards,
Jean-Pierre