Paper 2026/301

Cross-Algorithm Deep Learning-based Non-Profiled Side-Channel Attacks Exploiting Symmetric Leakage

Jintong Yu, Shanghai Jiao Tong University
Yuxuan Wang, Shanghai Jiao Tong University
Zixin He, Shanghai Jiao Tong University
Yihan Nie, Shanghai Jiao Tong University
Yubo Zhao, Shanghai Jiao Tong University
Zhiliang An, Shanghai Jiao Tong University
Yipeng Shi, Shanghai Jiao Tong University
Pei Cao, Shanghai Jiao Tong University
Chi Zhang, Shanghai Jiao Tong University
Dawu Gu, Shanghai Jiao Tong University
Abstract

Deep Learning-based Non-profiled Side-Channel Analysis (DL-NSCA) enables automatic feature extraction without a profiling device, but existing approaches mainly target non-linear operations, requiring prior knowledge of the algorithm's unique non-linear structure and computable non-linear intermediate values. These limit applicability in analyzing proprietary or undisclosed implementations and in settings where plaintext/ciphertext are masked by unknown randomness (e.g., tweaks or nonces). We observe that linear operations are fundamental as common cryptographic primitives appearing at the beginning or end of algorithms in conjunction with the secret key, and are widely used to mask sensitive input/output. Motivated by this observation, we propose a new DL-NSCA perspective that targets the outputs of linear operations, referred to as symmetric leakage, to enable cross algorithm attacks. The main limitation of the prior distinguisher lies in their reliance on a simplistic correspondence between deep learning metrics and side channel information. This leads to two issues: the effectiveness of the distinguisher varies significantly with the chosen training epoch, and a wrong key inducing a negative correlation may be indistinguishable from the correct key under symmetric leakage. To address this, we provide a formal algebraic characterization of the relationship between the structure of the leakage function and the number of maxima given from the distinguisher. Guided by this theory, we propose a new distinguisher, VS-GBA, an epoch-invariant distinguisher that interprets SCA information from deep learning metrics and approaches the theoretical optimum. It is applicable to both the asymmetric leakage and symmetric leakage through a structure-aware screening criterion. Our experiments show that, on the high-noise 32-bit ARM Cortex-M4 device, when the core operations are protected, asymmetric leakage analysis fails to recover the keys for all three evaluated algorithms within the maximum trace budget (GE=70 for masked AES, GE=27 for masked PRESENT, and GE=66 for masked ASCON). In contrast, VS-GBA, which targets symmetric leakage, recovers the key with a 100% success rate using 8,000, 8,500, and 16,000 traces, respectively. Furthermore, we present a DL-NSCA attack on XTS-AES (NIST SP 800-38E), extending DL-NSCA to scenarios where plaintext/ciphertext is masked by a secret tweak.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Side-Channel Analysis
Contact author(s)
jintongyu @ sjtu edu cn
History
2026-07-12: last of 3 revisions
2026-02-18: received
See all versions
Short URL
https://ia.cr/2026/301
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2026/301,
      author = {Jintong Yu and Yuxuan Wang and Zixin He and Yihan Nie and Yubo Zhao and Zhiliang An and Yipeng Shi and Pei Cao and Chi Zhang and Dawu Gu},
      title = {Cross-Algorithm Deep Learning-based Non-Profiled Side-Channel Attacks Exploiting Symmetric Leakage},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/301},
      year = {2026},
      url = {https://eprint.iacr.org/2026/301}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.