One Trace Is All It Takes: Machine Learning-Based Side-Channel Attack on EdDSA

  • Léo Weissbart
  • Stjepan Picek
  • Lejla Batina
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11947)

Abstract

Profiling attacks, especially those based on machine learning, have proved to be very successful techniques in recent years for side-channel analysis of block cipher implementations. At the same time, results for implementations of public-key cryptosystems are very sparse. In this paper, we consider several machine learning techniques in order to mount a power analysis attack on EdDSA using Curve25519 as implemented in WolfSSL. The results show all considered techniques to be viable and powerful options. Convolutional neural networks (CNNs) are especially effective: we can break the implementation with only a single measurement in the attack phase while requiring fewer than 500 measurements in the training phase. Interestingly, the same convolutional neural network was recently shown to perform extremely well when attacking an implementation of the AES cipher. Our results show that some common ground can be established when using deep learning for profiling attacks on distinct cryptographic algorithms and their corresponding implementations.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Delft University of Technology, Delft, The Netherlands
  2. Digital Security Group, Radboud University, Nijmegen, The Netherlands