In the past few decades, DPA-based side-channel attack strategies, such as DPA and CPA, have shown strong ability to analyze the security of the cryptographic implementations. However, the unpredictability of the leakage model and the correspondence between leakage behavior of the target device and the hypothetical leakage value make it less-effective without prior knowledge. Therefore, in this paper, we present a novel generic side-channel analysis method called Gini-impurity Index Analysis (GIA), utilizing Gini-impurity Index as the distinguisher, which can perform well even without any leakage model and is not sensitive to the existing methods’ restrictions about the leakage behavior. Firstly, we introduce the basic idea of GIA. According to the proposed GIA attack strategy, the Gini-impurity index for each key hypothesis should be calculated, determined by the clustered power consumption and the classified subsets based on the key dependent target function. Secondly, we verify the feasibility and evaluate the efficiency of GIA with different target functions by the practical experimental results against AES-128 implemented on an AT89S52 microcontroller. We present one possible multivariate extension of GIA and find the advantage of GIA on leakage information utilization. Thirdly, we present the results of comparisons. On the one hand, we compare GIA with three widely-used distinguishers under simulated traces in various leakage scenarios and practical traces with Hamming-weight-related leakage. Results confirm that GIA can always perform well with different leakage models in most situations. On the other hand, we analyze the relationship between GIA and Mutual Information Analysis (MIA). Theoretical and experimental results confirm that these two methods can obtain similar attack results. However, the guessing entropy of GIA is lower than MIA by up to 21%, and the averaged computational time overhead of GIA is lower than MIA by up to 13.3%, indicating that GIA is more efficient than MIA. Compared to traditional MIA, GIA is easier to operate and more flexible with noise. Therefore, GIA is an efficient and useful alternative to these existed strategies.

中文翻译：

---

基尼-杂质指数分析

在过去的几十年中，基于DPA的边信道攻击策略（例如DPA和CPA）显示出了强大的能力来分析加密实现的安全性。但是，泄漏模型的不可预测性以及目标设备的泄漏行为与假设的泄漏值之间的对应关系使它在没有先验知识的情况下效率较低。因此，在本文中，我们提出了一种新的通用边通道分析方法，称为基尼杂质指数分析（GIA），该方法利用基尼杂质指数作为区分器，即使没有任何泄漏模型也可以表现良好，并且对基波不敏感。现有方法对泄漏行为的限制。首先，我们介绍了GIA的基本概念。根据拟议的GIA攻击策略，应计算每个关键假设的吉尼杂质指数，由群集功耗和基于键相关目标函数的分类子集确定。其次，我们通过针对AT89S52微控制器上实现的AES-128的实际实验结果，验证了具有不同目标功能的GIA的可行性并评估了其效率。我们提出了GIA的一种可能的多元扩展，并发现了GIA在泄漏信息利用方面的优势。第三，我们提出比较的结果。一方面，我们将GIA与三种广泛使用的区分器进行了比较，这些区分器在各种泄漏情况下的模拟迹线下以及在汉明重量相关泄漏下的实际迹线下进行比较。结果证实，在大多数情况下，GIA始终可以在不同的泄漏模型下表现良好。另一方面，我们分析了GIA和相互信息分析（MIA）之间的关系。理论和实验结果证实这两种方法可以获得相似的攻击结果。但是，GIA的猜测熵比MIA低多达21％，并且GIA的平均计算时间开销比MIA低多达13.3％，这表明GIA比MIA更有效。与传统的MIA相比，GIA更加易于操作，并且在噪声方面更加灵活。因此，GIA是这些现有策略的有效替代方法。与传统的MIA相比，GIA更加易于操作，并且在噪声方面更加灵活。因此，GIA是这些现有策略的有效替代方法。与传统的MIA相比，GIA更加易于操作，并且在噪声方面更加灵活。因此，GIA是这些现有策略的有效替代方法。