On the Implementation Efficiency of Linear Regression-Based Side-Channel Attacks

Cryptographic protocol implementations in both software and hardware leak sensitive information during their execution. Side-channel attacks (SCA) consist in analyzing this information in order to reveal the secret parameters of the protocols. Among the different SCA introduced in the literature, the Linear Regression Analysis (LRA) has been argued to be particularly interesting when few information is available on the hardware architecture of the device executing the protocol (e.g. if the so called Hamming weight model does not hold). However, the computing complexity of the existing LRA implementation is high, which explains why other techniques like e.g. the Correlation Power Analysis (CPA) is often preferred in practice. This paper aims improving the LRA implementation complexity (in memory space and computation) against both unprotected and protected implementations in uni- and multi-variate contexts. In addition we exhibit the relationship between the LRA and the Numerical Normal Form (NNF), which has been originally introduced in the field of Boolean functions. Thanks to this relationship, we deduce the polynomial degree of the normalized product combination of the arithmetic masking. Our improvements have been assessed using simulated leakage of a running AES.