
Plaintext Deep-Learning Attack | Expert Review #5

Damien Jauvart
Sep 2024

Introduction

Deep learning in side-channel analysis has primarily been associated with profiled attacks. This approach, where a neural network is trained with known secrets and then used for predictions, seems like the most natural way to leverage deep learning.

However, is deep learning truly limited to profiled attacks? Our colleague Timon introduced a first non-profiled deep-learning attack a few years ago. It was innovative, but because it trains a separate network for every key hypothesis it requires significant computational resources, which makes it impractical in many scenarios.

The paper reviewed here takes a different approach. It keeps the principles of non-profiled attacks (no profiling device, no known key) while still leveraging the power of deep learning: the neural network can work with traces that are not fully aligned and can capture higher-order leakage. Our experiments confirmed the practical effectiveness of this attack, its relevance and its significant impact.


About the paper

The paper “Hiding in Plain Sight: Non-profiling Deep Learning-based Side-channel Analysis with Plaintext/Ciphertext” by Lichao Wu, Guilherme Perin, and Stjepan Picek introduces a new method for non-profiled side-channel attacks. It exploits the bijection between the plaintext byte and the SubBytes output in AES when the key is fixed. The network is trained without making any key guess; a final correlation step then points out the outlier among the key candidates, which is the secret key.

Our Expert Review

What was studied?

We first reproduced the results on the ASCAD dataset using the code available in open source. We could confirm the attack only needs a set of traces acquired with a fixed secret key.

The technique exploits the bijection between the input plaintext and the SubBytes output in the AES algorithm when the key is fixed. Because of this bijection, labelling a trace with its plaintext byte partitions the trace set exactly as labelling it with the SubBytes output would, so the leakage measurements can be labelled without any knowledge of the secret key. In practical terms, the traces must not contain direct leakage of the plaintext itself (otherwise the network simply learns the plaintext from that leakage), but they must cover the SubBytes operation, whether its output leaks directly or only through a masked, higher-order form. An additional practical consideration is the choice of the neural network (NN) architecture used for the analysis.

We implemented the attack in both PyTorch and TensorFlow. Good results were also obtained on a second dataset, confirming the relevance of the technique.

Why is it important?

This new approach significantly expands the attack scenarios and is highly relevant for lab evaluations. By removing the need for secret information to label the data, it lifts a major limitation of current profiled SCA, which requires a profiling device with a known key, and so benefits both research and practical applications of SCA. The method needs only a set of traces acquired with a fixed secret key, which simplifies the attack process.

Moreover, the approach exploits the power of NNs, enabling the analysis of desynchronized traces and of masked implementations, both common countermeasures in cryptographic implementations. By demonstrating significant improvements in attack efficacy, the study opens new avenues for advancing cryptographic security.

Which new insights have been contributed, and how significant are they?

The study provides several significant insights. The proof of concept delivered substantial results, showing that the method is effective and robust. The approach is not tied to a particular neural network architecture, which makes it flexible in different situations. Moreover, the attack exploits leakage in both the identity (value) and Hamming weight leakage models.
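The key-free labelling described under “What was studied?” above, and the point just made that the attack works in both the identity (value) and Hamming weight leakage models, as an added illustration in Python. This is constructed example code written for this review page, not the paper's code or eShard's implementation: the neural network is replaced by the simplest class-conditional model, one mean trace per plaintext class, and the secret key byte (0xA7), the trace count, the noise level and the position of the leaking sample are all assumptions of the simulation. What it shows is the shape of the attack: the “training” step never sees or guesses the key, and the 256 key candidates are only enumerated in the final correlation, where the correct key is the lone outlier.

```python
# Added illustration (not the paper's code): key-free plaintext labelling for AES
# SubBytes leakage, with a per-class mean trace standing in for the neural network.
import math
import random

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for i in range(1, 5):  # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

SBOX = build_sbox()

def hamming_weight(v):
    return bin(v).count("1")

def identity(v):
    return v

def sbox_output_is_permutation_of_plaintext(key_byte):
    """The property the attack rests on: for a fixed key, p -> S(p ^ k) is a bijection,
    so labelling traces by p partitions them exactly as labelling by S(p ^ k) would."""
    return len({SBOX[p ^ key_byte] for p in range(256)}) == 256

def simulate_traces(n, key_byte, leak_model, n_samples=5, leak_index=2, sigma=1.0, seed=1):
    """Constructed trace set: one fixed secret key, uniformly random plaintexts, and the
    chosen leakage of the SubBytes output added to a single sample of Gaussian noise."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        trace[leak_index] += leak_model(SBOX[p ^ key_byte])
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces

def fit_plaintext_model(plaintexts, traces):
    """'Training' without any key guess: the only label is the plaintext byte.
    Returns one mean trace per plaintext class, the stand-in for the trained network."""
    n_samples = len(traces[0])
    sums = [[0.0] * n_samples for _ in range(256)]
    counts = [0] * 256
    for p, t in zip(plaintexts, traces):
        counts[p] += 1
        for i, v in enumerate(t):
            sums[p][i] += v
    return [[s / counts[p] if counts[p] else 0.0 for s in sums[p]] for p in range(256)]

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0

def recover_key(model, leak_model):
    """Final correlation step, run once per key guess on the 256 learned class
    signatures: only the right key re-orders them into the hypothesised leakage."""
    n_samples = len(model[0])
    scores, best_sample = [], []
    for k in range(256):
        hyp = [leak_model(SBOX[p ^ k]) for p in range(256)]
        per_sample = [abs(pearson([model[p][i] for p in range(256)], hyp)) for i in range(n_samples)]
        i_best = max(range(n_samples), key=per_sample.__getitem__)
        scores.append(per_sample[i_best])
        best_sample.append(i_best)
    ranking = sorted(range(256), key=scores.__getitem__, reverse=True)
    return ranking, scores, best_sample[ranking[0]]

if __name__ == "__main__":
    KEY = 0xA7  # hypothetical secret key byte; never seen by fit_plaintext_model
    for name, lm in (("HW", hamming_weight), ("value", identity)):
        pts, trs = simulate_traces(4000, KEY, lm, seed=7)
        ranking, scores, sample = recover_key(fit_plaintext_model(pts, trs), lm)
        print(f"{name}: best guess 0x{ranking[0]:02x}, corr {scores[ranking[0]]:.3f} at sample {sample}, "
              f"true key rank {ranking.index(KEY)}")
```

Run as a script, it recovers the assumed key byte under both leakage models and reports at which sample the leak was found. Two things the stand-in deliberately does not reproduce: a real network is what lets the attack cope with desynchronized traces and masked intermediates, which a per-class mean cannot, and the caveat above about direct plaintext leakage does not show up here, because a classifier trained to predict the plaintext would latch onto such a leak and stop encoding the SubBytes output, whereas a per-class mean simply absorbs it.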

Also, the exploitation of the bijection phenomenon between plaintext and the SubBytes output in AES opens new avenues for investigation in other cryptosystems. This idea might lead to creating similar “non-profiling” side-channel attack techniques across various encryption algorithms.

How practical are the results?

The results of our tests reached the levels claimed by the authors, confirming the method's effectiveness and reliability. The method can effectively target protected implementations, currently focusing on the AES SubBytes operation. Our attack tests targeted two AES trace sets: one from a straightforward implementation and the other ASCAD v2, as targeted in the paper. We implemented the attack without the usual tricks applied around neural networks in the SCA area, such as data augmentation, cyclical learning rates or random translation. Furthermore, we tested both major deep learning Python APIs, PyTorch and Keras (TensorFlow), in parallel, and evaluated the attack with custom Multi-Layer Perceptron (MLP) and Convolutional Neural Network (CNN) models. Our several implementations confirm that the attack works on both datasets with various NN architectures and parameters.

When might the impact happen?

Our implementation of the attack is complete and can be used immediately, so the method is ready for practical application. While the attack has proven effective against AES, it is important to note that AES is often used within broader protocols that mitigate side-channel attacks by their nature, for instance by limiting how many encryptions an attacker can observe under one fixed key. The broader impact of this method will also depend on its application to other cryptosystems, requiring further research and testing to validate its effectiveness across different encryption algorithms and leakage models.


What’s next?

Further research is needed to determine its applicability to other cryptographic modes like Galois/Counter Mode (GCM), pipelined implementations, real-world products and other cryptographic systems. Additionally, exploring the bijection phenomenon in other cryptographic algorithms and enhancing the deep learning models used could lead to further advancements.
