Paper 2022/852

Making Biased DL Models Work: Message and Key Recovery Attacks on Saber Using Amplitude-Modulated EM Emanations

Ruize Wang, KTH Royal Institute of Technology
Kalle Ngo, KTH Royal Institute of Technology
Elena Dubrova, KTH Royal Institute of Technology

Creating a good deep learning (DL) model is an art which requires expertise in DL and a large set of labeled data for training neural networks. Neither is readily available. In this paper, we introduce a method which enables us to achieve good results with bad DL models. We use simple multilayer perceptron (MLP) networks, trained on a small dataset, which make strongly biased predictions if used without the proposed method. The core idea is to extend the attack dataset so that at least one of its traces has the ground truth label to which the models are biased towards. The effectiveness of the presented method is demonstrated by attacking an ARM Cortex-M4 CPU implementation of Saber KEM, a finalist of the NIST post-quantum cryptography standardization project, on a nRF52832 system-on-chip supporting Bluetooth 5, using amplitude-modulated EM emanations. Previous amplitude-modulated EM emanation-based attacks on Saber KEM could not recover its messages with a sufficiently high probability. We recover messages with the probability 1 from the profiling device and with the probability 0.74 from a different device. Using messages recovered from chosen ciphertexts, we extract the secret key of Saber KEM.

Available format(s)
Attacks and cryptanalysis
Publication info
Public-key cryptography Post-quantum cryptography Saber KEM LWE/LWR-based KEM Side-channel attack EM analysis
Contact author(s)
ruize @ kth se
kngo @ kth se
dubrova @ kth se
2022-06-29: approved
2022-06-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ruize Wang and Kalle Ngo and Elena Dubrova},
      title = {Making Biased {DL} Models Work: Message and Key Recovery Attacks on Saber Using Amplitude-Modulated {EM} Emanations},
      howpublished = {Cryptology ePrint Archive, Paper 2022/852},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.