IACR Communications in Cryptology (CiC)

Plaintext-based Side-channel Collision Attack

Authors

Lichao Wu, Sébastien Tiran, Guilherme Perin, Stjepan Picek
Lichao Wu
Technical University of Darmstadt, Darmstadt, Germany
Sébastien Tiran
Independent Researcher, Delft, The Netherlands
Guilherme Perin
Leiden University, Leiden, The Netherlands
Stjepan Picek
Radboud University, Nijmegen, The Netherlands
stjepan dot picek at ru dot nl

Abstract

The Side-channel Collision Attack (SCCA) is a classical method that exploits information dependency leaked during cryptographic operations. Unlike collision attacks that seek instances where two different inputs to a cryptographic algorithm yield identical outputs, SCCAs specifically target the internal state, where identical values are more likely to occur. Although SCCA does not rely on a pre-assumed leakage model, it operates explicitly on precise trace segments reflecting the target operation, which is challenging when the leakage measurements are noisy. Besides, its attack performance may vary dramatically, as it relies on selecting a reference byte (and its corresponding leakages) to "collide" with the other bytes. A poor selection would leave many bytes unrecoverable. These two facts make its real-world application problematic.

This paper addresses these challenges by introducing a novel plaintext-based SCCA. We leverage the bijective relationship between plaintext and secret data, using plaintext as labels to train profiling models that depict leakages from varying operations. By comparing the leakage representations produced by the profiling model instead of the leakage segments themselves, all secret key differences can be revealed simultaneously without processing the leakage traces. Furthermore, we propose a novel error correction scheme that further rectifies false predictions. Experimental results show that our approach significantly surpasses the state-of-the-art SCCA in both attack performance and computational complexity (e.g., training time reduced from approximately three hours to five minutes). These findings underscore our method's effectiveness and practicality in real-world attack scenarios.
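The following is an added simulation, not code from the paper, of the bijection the abstract relies on: a profiling model trained with plaintext labels on a reference byte i, when applied to traces of byte j, predicts labels shifted by k_i XOR k_j, so the key difference falls out of a majority vote with no trace segmentation. The neural network and error-correction scheme of the paper are replaced by a plain mean-vector template model; the leakage (one noisy sample per S-box output bit) and the target key (the FIPS-197 example key) are constructed for the simulation.

```python
import random

def gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return p

def sbox(x):  # AES S-box computed on the fly: inverse in GF(2^8), then the affine map
    inv = 1
    for _ in range(254):          # x^254 == x^-1 in GF(2^8); 0 maps to 0
        inv = gmul(inv, x)
    s = inv
    for r in range(1, 5):
        s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
    return s ^ 0x63

SBOX = [sbox(x) for x in range(256)]

def leak(value, sigma, rng):
    # Constructed leakage model: sample b carries bit b of the S-box output plus Gaussian noise.
    return [((SBOX[value] >> b) & 1) + rng.gauss(0, sigma) for b in range(8)]

def profile(key_byte, n_per_label, sigma, rng):
    # Plaintext-labelled templates for the reference byte: one mean trace per plaintext value.
    # The key byte only drives the simulated device; the model is never told its value.
    sums = [[0.0] * 8 for _ in range(256)]
    for p in range(256):
        for _ in range(n_per_label):
            sums[p] = [a + b for a, b in zip(sums[p], leak(p ^ key_byte, sigma, rng))]
    return [[v / n_per_label for v in s] for s in sums]

def key_difference(templates, key_byte_j, n_traces, sigma, rng):
    # Apply the reference-byte model to byte j: its label is shifted by k_i ^ k_j, so
    # predicted_label ^ true_plaintext is a vote for the key difference.
    votes = [0] * 256
    for _ in range(n_traces):
        p = rng.randrange(256)
        t = leak(p ^ key_byte_j, sigma, rng)
        guess = min(range(256), key=lambda q: sum((a - b) ** 2 for a, b in zip(templates[q], t)))
        votes[guess ^ p] += 1
    return max(range(256), key=votes.__getitem__)

def recover_differences(key, n_traces=64, sigma=0.3, seed=1):
    # Profile once on byte 0, then read off k_0 ^ k_j for every byte from that byte's own traces.
    rng = random.Random(seed)
    templates = profile(key[0], 16, sigma, rng)
    return [key_difference(templates, kj, n_traces, sigma, rng) for kj in key]
```

The returned list fixes the whole key up to the 256 candidates for k_0, which is the usual endpoint of a collision attack; a poor reference byte in the classical setting corresponds here to a byte whose templates classify badly.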



History
Submitted: 2024-07-07
Accepted: 2024-09-02
Published: 2024-10-07
How to cite

Lichao Wu, Sébastien Tiran, Guilherme Perin, and Stjepan Picek, Plaintext-based Side-channel Collision Attack. IACR Communications in Cryptology, vol. 1, no. 3, Oct 07, 2024, doi: 10.62056/a36cy7qiu.


License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.