Paper 2016/1082

My traces learn what you did in the dark: recovering secret signals without key guesses

Si Gao, Hua Chen, Wenling Wu, Limin Fan, Weiqiong Cao, and Xiangliang Ma


In side channel attack (SCA) studies, it is widely believed that unprotected implementations leak information about the intermediate states of the internal cryptographic process. However, directly recovering the intermediate states is not common practice in today's SCA study. Instead, most SCAs exploit the leakages in a "guess-and-determine" way, where they take a partial key guess, compute the corresponding intermediate states, then try to identify which one fits the observed leakages better. In this paper, we ask whether it is possible to take the other way around---directly learning the intermediate states from the side channel leakages. Under certain circumstances, we find that the intermediate states can be efficiently recovered with the well-studied Independent Component Analysis (ICA). Specifically, we propose several methods to convert the side channel leakages into effective ICA observations. For more robust recovery, we also present a specialized ICA algorithm which exploits the specific features of circuit signals. Experiments confirm the validity of our analysis in various circumstances, where most intermediate states can be correctly recovered with only a few hundred traces. To our knowledge, this is the first attempt to directly recover the intermediate states in a completely non-profiled setting. Our approach brings new possibilities to the current SCA study, including building an alternative SCA distinguisher, directly attacking the middle encryption rounds and reverse engineering with fewer restrictions. Considering its potential in more advanced applications, we believe our ICA-based SCA deserves more research attention in the future study.

Note: Full version of the same paper in CT-RSA 2017.

Available format(s)
Publication info
Published elsewhere. Major revision. CT-RSA 2017
Side Channel AnalysisSignal RecoveryIndependent Component Analysis
Contact author(s)
gaosi @ tca iscas ac cn
2016-11-21: received
Short URL
Creative Commons Attribution


      author = {Si Gao and Hua Chen and Wenling Wu and Limin Fan and Weiqiong Cao and Xiangliang Ma},
      title = {My traces learn what you did in the dark: recovering secret signals without key guesses},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1082},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.