A statistical verification method of random permutations for hiding countermeasure against side-channel attacks

Hiding countermeasure is among the best-known secure implementation techniques designed to counteract side-channel attacks. It uses a permutation algorithm to shuffle data. In today's Post-Quantum Cryptography (PQC), hiding countermeasure has earned the limelight for its “shufflability” in lattice-based, and code-based, cryptographic algorithms. In this narrative, most importantly, as a rule, fast generation of permutations is paramount to both efficacy and security of an algorithm. The Fisher–Yates (FY) shuffling method has long been a popular choice for this purpose: the FY method generates randomly shuffled (finite) indices. However, despite its theoretical verity, with the FY method we anticipate the following risks of misuse, which can lead to biased shuffling sequences: (i) incorrect implementation, (ii) poor random source, and (iii) the chosen random number being too small. In this paper, we introduce a new statistical test called “approximate permutation criterion” (“APC”). We use it to examine some known cases of misused FY shuffling (i–iii). APC takes into consideration the fact that the super-exponential rate of growth of the factorial function N!, which represents the number of permutations of N indices, defies any meaningful form of statistical tests. With APC one can verify whether the output permutations are biased or not with much lower testing cost. Mathematically, in this paper we introduce the so-called “kth order permutation verification”, the underpinning notion upon which APC is based. We also compare APC with full sample space to demonstrate how well it encapsulates the statistical randomness of random permutations. We thereby provide a new method that identifies a bias that exists in the output permutations when implementing FY Shuffling through a visual ratio test and the chi-square (χ²) distribution test.