Keep it Unsupervised: Horizontal Attacks Meet Deep Learning

Guilherme Perin; Łukasz Chmielewski; Lejla Batina; Stjepan Picek

doi:10.46586/tches.v2021.i1.343-372

Keep it Unsupervised: Horizontal Attacks Meet Deep Learning

Guilherme Perin, Łukasz Chmielewski, Lejla Batina, Stjepan Picek

Cyber Security

Research output: Contribution to journal › Article › Scientific › peer-review

21 Citations (Scopus)

105 Downloads (Pure)

Abstract

To mitigate side-channel attacks, real-world implementations of public-key cryptosystems adopt state-of-the-art countermeasures based on randomization of the private or ephemeral keys. Usually, for each private key operation, a “scalar blinding” is performed using 32 or 64 randomly generated bits. Nevertheless, horizontal attacks based on a single trace still pose serious threats to protected ECC or RSA implementations. If the secrets learned through a single-trace attack contain too many wrong (or noisy) bits, the cryptanalysis methods for recovering remaining bits become impractical due to time and computational constraints. This paper proposes a deep learning-based framework to iteratively correct partially correct private keys resulting from a clustering-based horizontal attack. By testing the trained network on scalar multiplication (or exponentiation) traces, we demonstrate that a deep neural network can significantly reduce the number of wrong bits from randomized scalars (or exponents).
When a simple horizontal attack can recover around 52% of attacked multiple private key bits, the proposed iterative framework improves the private key accuracy to above 90% on average and to 100% for at least one of the attacked keys. Our attack model remains fully unsupervised and excludes the need to know where the error or noisy bits are located in each separate randomized private key.

Original language	English
Pages (from-to)	343-372
Number of pages	30
Journal	IACR Transactions on Cryptographic Hardware and Embedded Systems
Volume	2021
Issue number	1
DOIs	https://doi.org/10.46586/tches.v2021.i1.343-372
Publication status	Published - 2020

Keywords

Side-channel Analysis
Public-key Algorithms
Horizontal Attacks
Deep Learning

Access to Document

10.46586/tches.v2021.i1.343-372

8737-Article Text-5465-1-10-20201203Final published version, 1.85 MBLicence: CC BY

Cite this

@article{dcb41346388447f7932b74e9f4d40593,

title = "Keep it Unsupervised: Horizontal Attacks Meet Deep Learning",

abstract = "To mitigate side-channel attacks, real-world implementations of public-key cryptosystems adopt state-of-the-art countermeasures based on randomization of the private or ephemeral keys. Usually, for each private key operation, a “scalar blinding” is performed using 32 or 64 randomly generated bits. Nevertheless, horizontal attacks based on a single trace still pose serious threats to protected ECC or RSA implementations. If the secrets learned through a single-trace attack contain too many wrong (or noisy) bits, the cryptanalysis methods for recovering remaining bits become impractical due to time and computational constraints. This paper proposes a deep learning-based framework to iteratively correct partially correct private keys resulting from a clustering-based horizontal attack. By testing the trained network on scalar multiplication (or exponentiation) traces, we demonstrate that a deep neural network can significantly reduce the number of wrong bits from randomized scalars (or exponents).When a simple horizontal attack can recover around 52% of attacked multiple private key bits, the proposed iterative framework improves the private key accuracy to above 90% on average and to 100% for at least one of the attacked keys. Our attack model remains fully unsupervised and excludes the need to know where the error or noisy bits are located in each separate randomized private key.",

keywords = "Side-channel Analysis, Public-key Algorithms, Horizontal Attacks, Deep Learning",

author = "Guilherme Perin and {\L}ukasz Chmielewski and Lejla Batina and Stjepan Picek",

year = "2020",

doi = "10.46586/tches.v2021.i1.343-372",

language = "English",

volume = "2021",

pages = "343--372",

journal = "IACR Transactions on Cryptographic Hardware and Embedded Systems",

issn = "2569-2925",

publisher = "Ruhr-University Bochum",

number = "1",

}

TY - JOUR

T1 - Keep it Unsupervised

T2 - Horizontal Attacks Meet Deep Learning

AU - Perin, Guilherme

AU - Chmielewski, Łukasz

AU - Batina, Lejla

AU - Picek, Stjepan

PY - 2020

Y1 - 2020

N2 - To mitigate side-channel attacks, real-world implementations of public-key cryptosystems adopt state-of-the-art countermeasures based on randomization of the private or ephemeral keys. Usually, for each private key operation, a “scalar blinding” is performed using 32 or 64 randomly generated bits. Nevertheless, horizontal attacks based on a single trace still pose serious threats to protected ECC or RSA implementations. If the secrets learned through a single-trace attack contain too many wrong (or noisy) bits, the cryptanalysis methods for recovering remaining bits become impractical due to time and computational constraints. This paper proposes a deep learning-based framework to iteratively correct partially correct private keys resulting from a clustering-based horizontal attack. By testing the trained network on scalar multiplication (or exponentiation) traces, we demonstrate that a deep neural network can significantly reduce the number of wrong bits from randomized scalars (or exponents).When a simple horizontal attack can recover around 52% of attacked multiple private key bits, the proposed iterative framework improves the private key accuracy to above 90% on average and to 100% for at least one of the attacked keys. Our attack model remains fully unsupervised and excludes the need to know where the error or noisy bits are located in each separate randomized private key.

AB - To mitigate side-channel attacks, real-world implementations of public-key cryptosystems adopt state-of-the-art countermeasures based on randomization of the private or ephemeral keys. Usually, for each private key operation, a “scalar blinding” is performed using 32 or 64 randomly generated bits. Nevertheless, horizontal attacks based on a single trace still pose serious threats to protected ECC or RSA implementations. If the secrets learned through a single-trace attack contain too many wrong (or noisy) bits, the cryptanalysis methods for recovering remaining bits become impractical due to time and computational constraints. This paper proposes a deep learning-based framework to iteratively correct partially correct private keys resulting from a clustering-based horizontal attack. By testing the trained network on scalar multiplication (or exponentiation) traces, we demonstrate that a deep neural network can significantly reduce the number of wrong bits from randomized scalars (or exponents).When a simple horizontal attack can recover around 52% of attacked multiple private key bits, the proposed iterative framework improves the private key accuracy to above 90% on average and to 100% for at least one of the attacked keys. Our attack model remains fully unsupervised and excludes the need to know where the error or noisy bits are located in each separate randomized private key.

KW - Side-channel Analysis

KW - Public-key Algorithms

KW - Horizontal Attacks

KW - Deep Learning

UR - http://www.scopus.com/inward/record.url?scp=85111018795&partnerID=8YFLogxK

U2 - 10.46586/tches.v2021.i1.343-372

DO - 10.46586/tches.v2021.i1.343-372

M3 - Article

SN - 2569-2925

VL - 2021

SP - 343

EP - 372

JO - IACR Transactions on Cryptographic Hardware and Embedded Systems

JF - IACR Transactions on Cryptographic Hardware and Embedded Systems

IS - 1

ER -

Keep it Unsupervised: Horizontal Attacks Meet Deep Learning

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this