One trace is all it takes: Machine Learning-based Side-channel Attack on EdDSA

Profiling attacks, especially those based on machine learning, have proved to be very successful techniques in recent years for the side-channel analysis of block cipher implementations. At the same time, results for implementations of public-key cryptosystems are very sparse. In this paper, we consider several machine learning techniques in order to mount a power analysis attack on EdDSA using Curve25519 as implemented in WolfSSL. The results show all considered techniques to be viable and powerful options. Convolutional neural networks (CNNs) are especially effective: we can break the implementation with only a single measurement in the attack phase while requiring fewer than 500 measurements in the training phase. Interestingly, the same convolutional neural network was recently shown to perform extremely well for attacking an implementation of the AES cipher. Our results show that some common ground can be established when using deep learning for profiling attacks on distinct cryptographic algorithms and their corresponding implementations.
