Skip to main content
SpringerLink
Log in

My Traces Learn What You Did in the Dark: Recovering Secret Signals Without Key Guesses

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2017 (CT-RSA 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10159))

Included in the following conference series:

Abstract

In side channel attack (SCA) studies, it is widely believed that unprotected implementations leak information about the intermediate states of the internal cryptographic process. However, directly recovering the intermediate states is not common practice in today’s SCA study. Instead, most SCAs exploit the leakages in a “guess-and-determine” way, where they take a partial key guess, compute the corresponding intermediate states, then try to identify which one fits the observed leakages better. In this paper, we ask whether it is possible to take the other way around—directly learning the intermediate states from the side channel leakages. Under certain circumstances, we find that the intermediate states can be efficiently recovered with the well-studied Independent Component Analysis (ICA). Specifically, we propose several methods to convert the side channel leakages into effective ICA observations. For more robust recovery, we also present a specialized ICA algorithm which exploits the specific features of circuit signals. Experiments confirm the validity of our analysis in various circumstances, where most intermediate states can be correctly recovered with only a few hundred traces. Our approach brings new possibilities to the current SCA study, including building an alternative SCA distinguisher, directly attacking the middle encryption rounds and reverse engineering with fewer restrictions. Considering its potential in more advanced applications, we believe our ICA-based SCA deserves more research attention in the future study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Here we simply use \(\{1,...,64\}\) as LDA’s labels.

References

  1. Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). doi:10.1007/3-540-68697-5_9

    Google Scholar 

  2. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  3. Quisquater, J.-J., Samyde, D.: ElectroMagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001). doi:10.1007/3-540-45418-7_17

    Chapter  Google Scholar 

  4. Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 444–461. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44371-2_25

    Chapter  Google Scholar 

  5. Gérard, B., Standaert, F.X.: Unified and optimized linear collision attacks and their application in a non-profiled setting: extended version. J. Cryptographic Eng. 3(1), 45–58 (2013)

    Article  Google Scholar 

  6. Clavier, C.: An improved SCARE cryptanalysis against a secret A3/A8 GSM algorithm. In: McDaniel, P., Gupta, S.K. (eds.) ICISS 2007. LNCS, vol. 4812, pp. 143–155. Springer, Heidelberg (2007). doi:10.1007/978-3-540-77086-2_11

    Chapter  Google Scholar 

  7. Clavier, C., Isorez, Q., Wurcker, A.: Complete SCARE of AES-like block ciphers by chosen plaintext collision power analysis. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 116–135. Springer, Heidelberg (2013). doi:10.1007/978-3-319-03515-4_8

    Chapter  Google Scholar 

  8. Rivain, M., Roche, T.: SCARE of secret ciphers with SPN structures. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 526–544. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42033-7_27

    Chapter  Google Scholar 

  9. Hyvärinen, A., Oja, E.: Independent component analysis: algorithms and applications. Neural Netw. 13, 411–430 (2000)

    Article  Google Scholar 

  10. Belouchrani, A., Cardoso, J.F.: Maximum likelihood source separation by the expectation-maximization technique: deterministic and stochastic implementation. In: Proceedings of the NOLTA, pp. 49–53 (1995)

    Google Scholar 

  11. Wiki: Blind signal separation. https://en.wikipedia.org/wiki/Blind_signal_separation

  12. Hyvarinen, A.: Fast and robust fixed-point algorithms for independent component analysis. IEEE Trans. Neural Netw. 10(3), 626–634 (1999)

    Article  Google Scholar 

  13. Cardoso, J.: High-order contrasts for independent component analysis. Neural Comput. 11(1), 157–192 (1999)

    Article  Google Scholar 

  14. Bell, A., Sejnowski, T.: An information-maximization approach to blind separation and blind deconvolution. Neural Comput. 7(6), 1129–1159 (1995)

    Article  Google Scholar 

  15. Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85053-3_26

    Chapter  Google Scholar 

  16. Novak, R.: Side-channel attack on substitution blocks. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 307–318. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45203-4_24

    Chapter  Google Scholar 

  17. Daudigny, R., Ledig, H., Muller, F., Valette, F.: SCARE of the DES. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 393–406. Springer, Heidelberg (2005). doi:10.1007/11496137_27

    Chapter  Google Scholar 

  18. Guilley, S., Sauvage, L., Micolod, J., Réal, D., Valette, F.: Defeating any secret cryptography with SCARE attacks. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 273–293. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14712-8_17

    Chapter  Google Scholar 

Download references

Acknowledgements

We would like to thank Prof. Ming Tang and Dr. Carolyn Whitnall for the inspiring discussions on this topic. We would also like to thank the anonymous reviewers for providing valuable comments. This work is supported by the National Basic Research Program of China (No. 2013CB338002) and National Natural Science Foundation of China (No. 61272476, 61672509 and 61232009).

Author information

Authors and Affiliations

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, 100190, People’s Republic of China

    Si Gao, Hua Chen, Wenling Wu, Limin Fan, Weiqiong Cao & Xiangliang Ma

  2. University of Chinese Academy of Sciences, Beijing, 100049, People’s Republic of China

    Si Gao, Weiqiong Cao & Xiangliang Ma

Authors
  1. Si Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hua Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenling Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Limin Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Weiqiong Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Xiangliang Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hua Chen .

Editor information

Editors and Affiliations

  1. Cryptography Research Inc. , San Francisco, California, USA

    Helena Handschuh

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Gao, S., Chen, H., Wu, W., Fan, L., Cao, W., Ma, X. (2017). My Traces Learn What You Did in the Dark: Recovering Secret Signals Without Key Guesses. In: Handschuh, H. (eds) Topics in Cryptology – CT-RSA 2017. CT-RSA 2017. Lecture Notes in Computer Science(), vol 10159. Springer, Cham. https://doi.org/10.1007/978-3-319-52153-4_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-52153-4_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52152-7

  • Online ISBN: 978-3-319-52153-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation