Bernoulli at the Root of Horizontal Side Channel Attacks

Vertical side-channel attacks represent a major threat to the confidentiality of enclosed secrets in hardware devices. Fortunately, countermeasures such as blinding or masking are nowadays quasi-systematically used to protect implementations of asymmetric cryptographic algorithms (RSA, ECDSA). Horizontal attacks thus constitute an interesting alternative for adversaries. They aim at recovering the secret exponent or scalar using a single trace, thus bypassing the blinding countermeasure. Several attacks have been proposed, based for instance on statistical distinguisher or clustering techniques. However, the success of these attacks relies heavily on the selection of Points of Interest (PoI) carrying leakage, extracted from acquired signals. In this context, this work aims at providing a framework for the selection of PoI in the context of noisy traces. It is based on statistical tests applied to the distribution of each point; these tests have been derived from the analysis of noise impact on distributions. Experiments performed with this framework emphasize a gap reduction in terms of attack success rates between unsupervised and supervised attacks.