Paper 2019/358

One trace is all it takes: Machine Learning-based Side-channel Attack on EdDSA

Leo Weissbart, Stjepan Picek, and Lejla Batina

Abstract

Profiling attacks, especially those based on machine learning proved as very successful techniques in recent years when considering side-channel analysis of block ciphers implementations. At the same time, the results for implementations public-key cryptosystems are very sparse. In this paper, we consider several machine learning techniques in order to mount a power analysis attack on EdDSA using the curve Curve25519 as implemented in WolfSSL. The results show all considered techniques to be viable and powerful options. The results with convolutional neural networks (CNNs) are especially impressive as we are able to break the implementation with only a single measurement in the attack phase while requiring less than 500 measurements in the training phase. Interestingly, that same convolutional neural network was recently shown to perform extremely well for attacking the AES cipher. Our results show that some common grounds can be established when using deep learning for profiling attacks on distinct cryptographic algorithms and their corresponding implementations.

Metadata
Available format(s)
PDF
Publication info
Preprint. Minor revision.
Keywords
Side-channel attacksEdDSAMachine learningConvolutional Neural NetworkWolfSSL
Contact author(s)
picek stjepan @ gmail com
History
2019-09-25: revised
2019-04-10: received
See all versions
Short URL
https://ia.cr/2019/358
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/358,
      author = {Leo Weissbart and Stjepan Picek and Lejla Batina},
      title = {One trace is all it takes: Machine Learning-based Side-channel Attack on EdDSA},
      howpublished = {Cryptology ePrint Archive, Paper 2019/358},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/358}},
      url = {https://eprint.iacr.org/2019/358}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.