Cryptology ePrint Archive: Report 2013/438

Clustering Algorithms for Non-Profiled Single-Execution Attacks on Exponentiations

Johann Heyszl and Andreas Ibing and Stefan Mangard and Fabrizio De Santis and Georg Sigl

Abstract: Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the k-means clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.

Category / Keywords: Exponentiation, side-channel attack, non-profiled, single- execution, unsupervised clustering, simultaneous measurements, EM

Original Publication (in the same form): CARDIS 2013, Springer. The final publication is available at

Date: received 12 Jul 2013, last revised 17 Jan 2014

Contact author: johann heyszl at aisec fraunhofer de

Available format(s): PDF | BibTeX Citation

Version: 20140117:125703 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]