Exact Soft Analytical Side-Channel Attacks using Tractable Circuits
Authors: Thomas Wedenig, Rishub Nagpal, Gaëtan Cassiers, Stefan Mangard, Robert Peharz
ICML 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | When attacking the Advanced Encryption Standard (AES), the most widely used encryption algorithm to date, Ex SASCA outperforms SASCA by more than 31% top-1 success rate absolute. By leveraging sparse belief messages, this performance is achieved with little more computational cost than SASCA, and about 3 orders of magnitude less than exact inference via exhaustive enumeration. Even with dense belief messages, Ex SASCA still uses 6 times less computations than exhaustive inference. |
| Researcher Affiliation | Academia | 1Institute of Theoretical Computer Science, Graz University of Technology, Graz, Austria 2Institute of Applied Information Processing and Communications, Graz University of Technology, Graz, Austria 3Institute of Information and Communication Technologies, Electronics and Applied Mathematics (ICTM), UCLouvain, Ottignies-Louvain-la-Neuve, Belgium. |
| Pseudocode | Yes | Algorithm 1 Simplified Beginning of AES-128 ... Algorithm 2 MIXCOLUMN |
| Open Source Code | Yes | Our implementation can be found at https://github.com/wedenigt/exsasca. |
| Open Datasets | No | To evaluate our method, we use asynchronously captured power traces from an SMT32F415 (ARM) microcontroller (Bursztein & Picod, 2019) that performs encryption using AES-128. The data D = {(ℓ(i), k(i), p(i))}n i=1 contains n = 131,072 samples, each of which consists of a high-dimensional power trace ℓ R20,000, and 16 byte key and plaintext vectors k, p, with 512 unique keys k. For each unique key, the dataset contains 256 elements, each with a different plaintext p. ... No explicit statement or link is provided to confirm the public availability of this dataset. |
| Dataset Splits | Yes | We use 20% of D as a test set Dtest, while the remaining 80% of D are again split into a training set Dtrain (82.5% of D \Dtest) and a validation set Dval (17.5% of D \Dtest). |
| Hardware Specification | Yes | Using these techniques, compiling SDD(M) takes about 7 hours on a Intel Xeon E5-2670 CPU and the resulting circuit consists of 20M nodes and needs 17.4M sums and 37.2M products for a bottom-up evaluation. |
| Software Dependencies | No | Most notably, we leverage pysdd (Meert, 2017), a Python interface for the sdd1 software package, which allows us to easily construct, manipulate and optimize SDDs and their associated vtrees. This allows us to implement many components of our pipeline (e.g., the merging trick ) in a relatively straightforward way. ... The paper mentions the software packages used (pysdd, sdd1) but does not provide specific version numbers for these, which are necessary for reproducible dependency management. |
| Experiment Setup | Yes | For a given leakage ℓ, we utilize the template attack described in (Bronchain et al., 2021) to obtain a set of local beliefs p(v | ℓ) for all bytes v v and for each call to MIXCOLUMN. Using these beliefs, SASCA and Ex SASCA + MAR compute marginal posterior distributions p(k1 | ℓ), . . . , p(k16 | ℓ) and then define the joint key posterior to be p(k|ℓ) = Q16 i=1 p(ki|ℓ). On the other hand, Ex SASCA + MPE does not make this conditional independence assumption and directly computes argmaxk p(k | ℓ), i.e., the MPE in the true joint key posterior according to our probabilistic model p(k | ℓ) = p(k1:4 | ℓ) p(k13:16 | ℓ), where ki:j = (ki, ki+1, . . . , kj) denotes a subkey. ... For α [0, 1] and for all bytes v v, we compute pα(v = x | ℓ) = (1 α)p(v = x | ℓ) + α 1 for all x {0, . . . , 255} and use the set of corrupted beliefs pα(v | ℓ) as inputs to different inference methods. |