Paper 2021/902

Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis

Kalle Ngo, Elena Dubrova, and Thomas Johansson


In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from $257 \times N$ and $24 \times 257 \times N$ traces, respectively, where $N$ is the number of repetitions of the same measurement. The value of $N$ depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments $N = 10$ is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. ``Spicing'' the training set with traces from the device under attack helps minimize the negative effect of device variability.

Note: Section 8 is extended and improved.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Public-key cryptographypost-quantum cryptographySaber KEMLWELWR-based KEMside-channel attackpower analysis
Contact author(s)
dubrova @ kth se
2021-07-22: revised
2021-07-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kalle Ngo and Elena Dubrova and Thomas Johansson},
      title = {Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2021/902},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.