Leakage, leakage, leakage . . . models: How to determine what contributes to leakage, by Si Gao and Elisabeth Oswald

Leakage attacks and simulators strongly rely on crucial knowledge about the state that is being leaked on. Despite 20 years of effort, in terms of how to find the relevant state, we did not actually go very far: to date, we still constantly assume users already know the state, or users can reliably find it based on a few attack trials and their own experience. This is far from the truth that is encountered in practice: whilst software platforms give an illusion of a sequential update to variables, the reality in the underlying hardware is that previous values remain part of the state and many things happen in parallel. We put forward a novel notion for the “completeness” of an assumed state, together with an efficient statistical test that is based on “collapsed models”. This test can even cope in a grey box setting where the state contains multiple 32-bit variables. We illustrate how our novel test can help to guide attacks and leakage simulators, reveal new form of leakage that is previously unknown and deepen our understanding of the realistic leakage as well as the underlying architecture.