Systematic Side-Channel Analysis of Curve25519 with Machine Learning

Profiling attacks, especially those based on machine learning, have proved to be very successful techniques in recent years for the side-channel analysis of symmetric-key cryptographic implementations. At the same time, results for implementations of asymmetric-key cryptosystems are very sparse. This paper considers several machine learning techniques to mount side-channel attacks on two implementations of scalar multiplication on the elliptic curve Curve25519. The first implementation follows the baseline implementation with complete formulae as used for EdDSA in wolfSSL, where we exploit power consumption as the side channel. The second implementation features several countermeasures, and in this case we analyze electromagnetic emanations to find side-channel leakage. Most techniques considered in this work result in potent attacks; the method of choice appears to be convolutional neural networks (CNNs), which break the first implementation with only a single measurement in the attack phase. The same convolutional neural network has demonstrated excellent performance when attacking AES implementations. Our results show that some common ground can be established when using deep learning for profiling attacks on very different cryptographic algorithms and their corresponding implementations.
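The two phases the abstract refers to, a profiling phase on a device with known scalars and an attack phase that recovers a fresh scalar from a single trace, are shown below as an added example. It is not code from the paper and does not use its measurements: the traces are constructed, the leakage model (the conditional swap of a Montgomery ladder expanding each swap bit into a byte mask whose Hamming weight leaks at a few sample points) is an assumption made here and not a statement about wolfSSL, and the classifier is a classical Gaussian template with diagonal covariance rather than the CNN the paper uses, so that it runs with the Python standard library only. The scalar handling (RFC 7748 clamping, ladder over bits 254 down to 0, swap condition `k_t XOR k_{t+1}`) is standard X25519 and shows why the attacker recovers swap flags first and the key bits from them.

```python
"""Single-trace profiled (template) attack on the cswap of a Montgomery ladder,
run on CONSTRUCTED traces.  Leakage model (assumption of this example, not a
claim about wolfSSL): at each ladder step the cswap mask (0x00 or 0xFF) leaks
as its Hamming weight at a few sample offsets, plus Gaussian noise."""
import random

SCALAR_BITS = 255            # the X25519 ladder walks bits 254 .. 0
SEG = 16                     # samples per ladder step (constructed)
LEAK_POINTS = (4, 7, 11)     # sample offsets that leak the cswap mask (constructed)
SIGMA = 1.5                  # noise standard deviation (constructed)


def clamp(k: int) -> int:
    """RFC 7748 clamping of a 256-bit X25519 private scalar."""
    k &= ~7                  # clear the three low bits (cofactor)
    k &= (1 << 255) - 1      # clear bit 255
    k |= 1 << 254            # set bit 254 so the ladder length is fixed
    return k


def swap_flags(k: int) -> list:
    """cswap conditions the ladder evaluates, top bit first:
    swap_t = k_t XOR k_{t+1}, with k_255 = 0 after clamping."""
    flags, prev = [], 0
    for t in range(SCALAR_BITS - 1, -1, -1):
        bit = (k >> t) & 1
        flags.append(bit ^ prev)
        prev = bit
    return flags


def scalar_from_swaps(flags: list) -> int:
    """Invert swap_flags(): k_t = swap_t XOR k_{t+1}."""
    k, prev = 0, 0
    for i, s in enumerate(flags):
        bit = s ^ prev
        k |= bit << (SCALAR_BITS - 1 - i)
        prev = bit
    return k


def simulate_trace(k: int, rng: random.Random) -> list:
    """One constructed power trace of a full ladder run for scalar k."""
    trace = []
    for s in swap_flags(k):
        mask_hw = 8 if s else 0      # HW(0xFF) = 8, HW(0x00) = 0
        for i in range(SEG):
            trace.append((mask_hw if i in LEAK_POINTS else 0.0) + rng.gauss(0.0, SIGMA))
    return trace


def profile(n_traces: int, rng: random.Random, n_poi: int = 3) -> dict:
    """Profiling phase: per-class means, pooled variance, and points of
    interest chosen by largest difference of means (diagonal-covariance template)."""
    sums = [[0.0] * SEG for _ in range(2)]
    sq = [[0.0] * SEG for _ in range(2)]
    cnt = [0, 0]
    for _ in range(n_traces):
        k = clamp(rng.getrandbits(256))          # profiling device: scalar is known
        trace = simulate_trace(k, rng)
        for step, s in enumerate(swap_flags(k)):
            cnt[s] += 1
            seg = trace[step * SEG:(step + 1) * SEG]
            for i, v in enumerate(seg):
                sums[s][i] += v
                sq[s][i] += v * v
    means = [[sums[c][i] / cnt[c] for i in range(SEG)] for c in (0, 1)]
    var = [sum(sq[c][i] - cnt[c] * means[c][i] ** 2 for c in (0, 1)) / (cnt[0] + cnt[1] - 2)
           for i in range(SEG)]
    poi = sorted(range(SEG), key=lambda i: -abs(means[1][i] - means[0][i]))[:n_poi]
    return {"poi": poi, "means": means, "var": var}


def attack_single_trace(template: dict, trace: list) -> int:
    """Attack phase: classify the cswap condition of every step of ONE trace by
    maximum likelihood, then rebuild the scalar from the swap sequence."""
    flags = []
    for step in range(SCALAR_BITS):
        seg = trace[step * SEG:(step + 1) * SEG]
        ll = [-sum((seg[i] - template["means"][c][i]) ** 2 / (2.0 * template["var"][i])
                   for i in template["poi"]) for c in (0, 1)]
        flags.append(1 if ll[1] > ll[0] else 0)
    return scalar_from_swaps(flags)


def success_rate(seed: int = 1, n_profile: int = 200, n_attack: int = 20) -> float:
    """Fraction of fresh scalars recovered in full from a single attack trace."""
    rng = random.Random(seed)
    template = profile(n_profile, rng)
    hits = 0
    for _ in range(n_attack):
        k = clamp(rng.getrandbits(256))          # target device: scalar unknown to attacker
        hits += attack_single_trace(template, simulate_trace(k, rng)) == k
    return hits / n_attack


if __name__ == "__main__":
    print("single-trace full-key recovery rate:", success_rate())
```

Two practical points the example makes visible: the classifier never sees key bits directly, only the swap conditions, so one misclassified step flips the recovered bit at that position but not the ones below it; and the template assumes the per-step segments are aligned across traces, which is exactly what the jitter and misalignment countermeasures on the paper's second implementation are meant to break and why CNNs with their shift tolerance are attractive there.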
