Durvaux, François
[UCL]
Side-channel attacks first appeared in the late 1990s. They rely on the observation that the physical features of a cryptographic device may reflect its internal activity, which may reveal sensitive information such as encryption keys. This unintended leakage is hard to control and, in general, cannot be totally prevented. Therefore, determining the true security level given these leakages is an important open problem in modern cryptography.

In order to provide worst-case security guarantees, the evaluator needs to model the leakages accurately. Yet, in practice, various issues may be encountered that make this task challenging. For example: (i) the sensitive data is generally processed at different times, hence the leaked information is spread across the measurements; (ii) the leakage model may be biased, in which case a part of the leaked information is missed.

In this thesis, we aim to contribute to the fair evaluation of cryptographic devices in three directions: (1) leakage detection, (2) the detection of Points-Of-Interest (POIs), and (3) leakage certification. Leakage detection determines whether data-dependent leakages are present in the measurements, independent of whether they can be exploited. By contrast, POI detection identifies the samples that can be used to recover the secret key. In the first part of the thesis, we investigate these two tasks and put forward that, while having different purposes, they are also connected to a significant extent. We also propose concrete improvements for both, and show how to exploit heuristic optimization algorithms to improve POI detection for implementations protected by side-channel attack countermeasures. In the second part of the thesis, we introduce leakage certification methods in order to test the quality of the evaluator's model. We show how the sources of error can be separately identified and quantified. Moreover, we show that the underlying information loss can be bounded.
Bibliographic reference: Durvaux, François. Towards fair side-channel security evaluations. Prom.: Standaert, François-Xavier
Permanent URL: http://hdl.handle.net/2078.1/165077