Following the current direction in Deep Learning (DL), more recent papers have started to pay attention to the efficiency of DL in breaking cryptographic implementations.
Scadl is a side-channel attack tool based on deep learning. It implements most of the state-of-the-art techniques.
This project has been developed within the research activities of the Donjon team (Ledger's security team), to help us during side-channel evaluations.
Scadl implements the following attacks which have been published before:
- Normal profiling: A straightforward profiling technique as the attacker will use a known-key dataset to train a DL model. Then, this model is used to attack the unknown-key data set. This technique was presented by the following work: 1 and 2.
- Non-profiling A similar technique to differential power analysis (DPA) but it has the several advantages over DPA to attack protected designs (masking and desynchronization).
- Multi-label: A technique to attack multiple keys using only one DL model.
- Multi-tasking: Another technique for attacking multiple keys using a single model.
- Data augmentation: A technique to increase the dataset to boost the DL efficiency. Scadl includes mixup and random-crop.
- Attribution methods: A technique to perform leakage detection using DL.
It can be installed using python3
pip install .
Scadl uses two different datasets for its tutorial. The first dataset is collected by running a non-protected AES on ChipWhisperer-Lite. The figure shown below indicates the power consumption of the first round AES (top). The bottom figure shows the SNR of sbox[P^K]. The yellow zone indicates P^K and the gray zone is related to sbox[P^K] of the 16 bytes. The profiling and non-profiling tutorials use the first peak in the gray zone which is related to sbox[P[0] ^ K[0]]. The multi-label tutorial uses the first two peaks of sbox[P[0] ^ K[0]] and sbox[P[1] ^ K[1]].
The second dataset is ASCAD which is widely used in the side-channel attacks (SCAs) domain. The figure below shows the power consumption trace (top), SNR of sbox[P[2] ^ K[2]] ^ mask (middle), and mask (bottom).
we consider for all the experiments, one or several AES Sbox for labeling the DL architectures.
def leakage_model(metadata):
"""leakage model for sbox[0]"""
return sbox[metadata["plaintext"][0] ^ metadata["key"][0]]For our experiments, we use CNN and MLP models which are the most used DL models by the SCA community.