Skip to content
/ scadl Public

A tool for side-channel attacks (SCAs) using deep learning (DL)

License

LGPL-3.0, GPL-3.0 licenses found

Licenses found

LGPL-3.0
COPYING.LESSER
GPL-3.0
COPYING
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Ledger-Donjon/scadl

BranchesTags

Repository files navigation

SCADL

Following the current direction in Deep Learning (DL), more recent papers have started to pay attention to the efficiency of DL in breaking cryptographic implementations.

Scadl is a side-channel attack tool based on deep learning. It implements most of the state-of-the-art techniques.

This project has been developed within the research activities of the Donjon team (Ledger's security team), to help us during side-channel evaluations.

Features

Scadl implements the following attacks which have been published before:

  • Normal profiling: A straightforward profiling technique as the attacker will use a known-key dataset to train a DL model. Then, this model is used to attack the unknown-key data set. This technique was presented by the following work: 1 and 2.
  • Non-profiling A similar technique to differential power analysis (DPA) but it has the several advantages over DPA to attack protected designs (masking and desynchronization).
  • Multi-label: A technique to attack multiple keys using only one DL model.
  • Multi-tasking: Another technique for attacking multiple keys using a single model.
  • Data augmentation: A technique to increase the dataset to boost the DL efficiency. Scadl includes mixup and random-crop.
  • Attribution methods: A technique to perform leakage detection using DL.

Installation

It can be installed using python3

pip install .

Requirements

Tutorial

Datasets

Scadl uses two different datasets for its tutorial. The first dataset is collected by running a non-protected AES on ChipWhisperer-Lite. The figure shown below indicates the power consumption of the first round AES (top). The bottom figure shows the SNR of sbox[P^K]. The yellow zone indicates P^K and the gray zone is related to sbox[P^K] of the 16 bytes. The profiling and non-profiling tutorials use the first peak in the gray zone which is related to sbox[P[0] ^ K[0]]. The multi-label tutorial uses the first two peaks of sbox[P[0] ^ K[0]] and sbox[P[1] ^ K[1]].

cw_trace

The second dataset is ASCAD which is widely used in the side-channel attacks (SCAs) domain. The figure below shows the power consumption trace (top), SNR of sbox[P[2] ^ K[2]] ^ mask (middle), and mask (bottom).

ascad_trace

Labeling

we consider for all the experiments, one or several AES Sbox for labeling the DL architectures.

def  leakage_model(metadata):
"""leakage model for sbox[0]"""
return  sbox[metadata["plaintext"][0] ^ metadata["key"][0]]

DL models

For our experiments, we use CNN and MLP models which are the most used DL models by the SCA community.

About

A tool for side-channel attacks (SCAs) using deep learning (DL)

Resources

Readme

License

LGPL-3.0, GPL-3.0 licenses found

Licenses found

LGPL-3.0
COPYING.LESSER
GPL-3.0
COPYING
Activity
Custom properties

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages