{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:54:17Z","timestamp":1762005257255,"version":"3.37.3"},"reference-count":52,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T00:00:00Z","timestamp":1602806400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T00:00:00Z","timestamp":1602806400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100010662","name":"H2020 Excellent Science","doi-asserted-by":"publisher","award":["805031"],"award-info":[{"award-number":["805031"]}],"id":[{"id":"10.13039\/100010662","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Hardw Syst Secur"],"published-print":{"date-parts":[[2020,12]]},"abstract":"Abstract<\/jats:title>Profiling attacks, especially those based on machine learning, proved to be very successful techniques in recent years when considering the side-channel analysis of symmetric-key crypto implementations. At the same time, the results for implementations of asymmetric-key cryptosystems are very sparse. This paper considers several machine learning techniques to mount side-channel attacks on two implementations of scalar multiplication on the elliptic curve Curve25519. The first implementation follows the baseline implementation with complete formulae as used for EdDSA in WolfSSl, where we exploit power consumption as a side-channel. The second implementation features several countermeasures, and in this case, we analyze electromagnetic emanations to find side-channel leakage. Most techniques considered in this work result in potent attacks, and especially the method of choice appears to be convolutional neural networks (CNNs), which can break the first implementation with only a single measurement in the attack phase. The same convolutional neural network demonstrated excellent performance for attacking AES cipher implementations. Our results show that some common grounds can be established when using deep learning for profiling attacks on very different cryptographic algorithms and their corresponding implementations.<\/jats:p>","DOI":"10.1007\/s41635-020-00106-w","type":"journal-article","created":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T05:02:39Z","timestamp":1602824559000},"page":"314-328","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Systematic Side-Channel Analysis of Curve25519 with Machine Learning"],"prefix":"10.1007","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0288-9686","authenticated-orcid":false,"given":"L\u00e9o","family":"Weissbart","sequence":"first","affiliation":[]},{"given":"\u0141ukasz","family":"Chmielewski","sequence":"additional","affiliation":[]},{"given":"Stjepan","family":"Picek","sequence":"additional","affiliation":[]},{"given":"Lejla","family":"Batina","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,10,16]]},"reference":[{"key":"#cr-split#-106_CR1.1","doi-asserted-by":"crossref","unstructured":"Batina L, Chmielewski \u0141, Papachristodoulou L, Schwabe P, Tunstall M (2014) Online template attacks. In: Willi Meier DM","DOI":"10.1007\/978-3-319-13039-2_2"},{"key":"#cr-split#-106_CR1.2","unstructured":"(ed) Progress in cryptology - INDOCRYPT 2014 - 15th international conference on cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings. LNCS, vol 8885. Springer, pp 21-36. http:\/\/cryptojedi.org\/papers\/#ota"},{"key":"106_CR2","doi-asserted-by":"publisher","unstructured":"Batina L, Chmielewski \u0141, Papachristodoulou L, Schwabe P, Tunstall M (2017) Online template attacks. J Cryptogr Eng. https:\/\/doi.org\/10.1007\/s13389-017-0171-8","DOI":"10.1007\/s13389-017-0171-8"},{"key":"106_CR3","unstructured":"Bernstein DJ (2016) Curve25519: new diffie-Hellman speed records. http:\/\/cr.yp.to\/papers.html#curve25519 Citations in this document 1(5)"},{"issue":"2","key":"106_CR4","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/s13389-012-0027-1","volume":"2","author":"DJ Bernstein","year":"2012","unstructured":"Bernstein DJ, Duif N, Lange T, Schwabe P, Yang BY (2012) High-speed high-security signatures. J Cryptogr Eng 2(2):77\u201389","journal-title":"J Cryptogr Eng"},{"key":"106_CR5","unstructured":"Bohy L, Neve M, Samyde D, Quisquater JJ (2003) Principal and independent component analysis for crypto-systems with hardware unmasked units. In: Proceedings of e-Smart 2003. Cannes, France"},{"issue":"1","key":"106_CR6","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman L (2001) Random forests. Mach Learn 45(1):5\u201332","journal-title":"Mach Learn"},{"key":"106_CR7","doi-asserted-by":"crossref","unstructured":"Cagli E, Dumas C, Prouff E (2017) Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures - Profiling Attacks Without Pre-processing. In: Cryptographic hardware and embedded systems - CHES 2017 - 19th international conference, Taipei, Taiwan, September 25-28, 2017, proceedings, pp 45\u201368","DOI":"10.1007\/978-3-319-66787-4_3"},{"issue":"2","key":"106_CR8","doi-asserted-by":"publisher","first-page":"132","DOI":"10.13154\/tches.v2019.i2.132-161","volume":"2019","author":"M Carbone","year":"2019","unstructured":"Carbone M, Conin V, Corn\u00e9lie MA, Dassance F, Dufresne G, Dumas C, Prouff E, Venelli A (2019) Deep learning to evaluate secure RSA implementations. IACR Trans Cryptogr Hardw Embed Syst 2019(2):132\u2013161. https:\/\/doi.org\/10.13154\/tches.v2019.i2.132-161. https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7388","journal-title":"IACR Trans Cryptogr Hardw Embed Syst"},{"key":"106_CR9","doi-asserted-by":"crossref","unstructured":"Chari S, Rao JR, Rohatgi P (2002) Template attacks. In: International workshop on cryptographic hardware and embedded systems. Springer, pp 13\u201328","DOI":"10.1007\/3-540-36400-5_3"},{"key":"106_CR10","doi-asserted-by":"crossref","unstructured":"Chen T, Guestrin C (2016) XGBoost: a scalable tree boosting system. arXiv:1603.02754","DOI":"10.1145\/2939672.2939785"},{"key":"106_CR11","doi-asserted-by":"publisher","unstructured":"Chmielewski \u0141 (2020) Reassure (h2020 731591) ecc dataset. https:\/\/doi.org\/10.5281\/zenodo.3609789","DOI":"10.5281\/zenodo.3609789"},{"key":"106_CR12","doi-asserted-by":"crossref","unstructured":"Choudary O, Kuhn MG (2013) Efficient template attacks. In: Francillon A, Rohatgi P (eds) Smart card research and advanced applications - 12th international conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised selected papers. LNCS, vol 8419. Springer, pp 253\u2013270","DOI":"10.1007\/978-3-319-08302-5_17"},{"key":"106_CR13","doi-asserted-by":"crossref","unstructured":"Cid C, Jacobson MJ, Michael J (eds) (2019) Selected areas in cryptography - SAC 2018 - 25th International Conference, Calgary, AB, Canada, August 15-17, 2018, Revised Selected Papers, Lecture Notes in Computer Science , vol 11349. Springer, Berlin","DOI":"10.1007\/978-3-030-10970-7"},{"issue":"2-3","key":"106_CR14","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/s10623-015-0087-1","volume":"77","author":"M D\u00fcll","year":"2015","unstructured":"D\u00fcll M, Haase B, Hinterw\u00e4lder G, Hutter M, Paar C, S\u00e1nchez AH, Schwabe P (2015) High-speed curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers. Des Codes Cryptogr 77 (2-3):493\u2013514. http:\/\/dblp.uni-trier.de\/db\/journals\/dcc\/dcc77.html#DullHHHPSS15","journal-title":"Des Codes Cryptogr"},{"key":"106_CR15","unstructured":"Dugardin M, Papachristodoulou L, Najm Z, Batina L, Danger J, Guilley S (2016) Dismantling real-world ECC with horizontal and vertical template attacks. In: Constructive side-channel analysis and secure design - 7th international workshop, COSADE 2016, Graz, Austria, April 14-15, 2016. http:\/\/eprint.iacr.org\/2015\/1001\/"},{"key":"106_CR16","first-page":"1889","volume":"6","author":"RE Fan","year":"2005","unstructured":"Fan RE, Chen PH, Lin CJ (2005) Working set selection using second order information for training support vector machines. J Mach Learn Res 6:1889\u20131918. http:\/\/dl.acm.org\/citation.cfm?id=1046920.1194907","journal-title":"J Mach Learn Res"},{"key":"106_CR17","doi-asserted-by":"crossref","unstructured":"Hettwer B, Gehrer S, G\u00fcneysu T (2020) Deep neural network attribution methods for leakage analysis and symmetric key recovery. In: Paterson KG, Stebila D (eds) Selected areas in cryptography \u2013 SAC 2019. Springer International Publishing, Cham, pp 645-\u2013666","DOI":"10.1007\/978-3-030-38471-5_26"},{"issue":"99","key":"106_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TC.2017.2757921","volume":"PP","author":"A Heuser","year":"2017","unstructured":"Heuser A, Picek S, Guilley S, Mentens N (2017) Lightweight ciphers and their side-channel resilience. IEEE Trans Comput PP(99):1\u20131. https:\/\/doi.org\/10.1109\/TC.2017.2757921","journal-title":"IEEE Trans Comput"},{"key":"#cr-split#-106_CR19.1","doi-asserted-by":"crossref","unstructured":"Heyszl J, Mangard S, Heinz B, Stumpf F, Sigl G (2012) Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman O","DOI":"10.1007\/978-3-642-27954-6_15"},{"key":"#cr-split#-106_CR19.2","unstructured":"(ed) Topics in cryptology - CT-RSA 2012. LNCS, vol 7178. Springer, pp 231-244"},{"issue":"3","key":"106_CR20","doi-asserted-by":"publisher","first-page":"148","DOI":"10.13154\/tches.v2019.i3.148-179","volume":"2019","author":"J Kim","year":"2019","unstructured":"Kim J, Picek S, Heuser A, Bhasin S, Hanjalic A (2019) Make some noise. unleashing the power of convolutional neural networks for profiled side-channel analysis. IACR Trans Cryptogr Hardw Embed Syst 2019(3):148\u2013179. https:\/\/doi.org\/10.13154\/tches.v2019.i3.148-179. https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8292","journal-title":"IACR Trans Cryptogr Hardw Embed Syst"},{"issue":"2","key":"106_CR21","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1504\/IJACT.2014.062722","volume":"3","author":"L Lerman","year":"2014","unstructured":"Lerman L, Bontempi G, Markowitch O (2014) Power analysis attack: an approach based on machine learning. Int J Appl Cryptol 3(2):97\u2013115. https:\/\/doi.org\/10.1504\/IJACT.2014.062722","journal-title":"Int J Appl Cryptol"},{"key":"106_CR22","doi-asserted-by":"crossref","unstructured":"Maghrebi H, Portigliatti T, Prouff E (2016) Breaking cryptographic implementations using deep learning techniques. In: Security, privacy, and applied cryptography engineering - 6th international conference, SPACE 2016, hyderabad, india, december 14-18, 2016, proceedings, pp 3\u201326","DOI":"10.1007\/978-3-319-49445-6_1"},{"key":"106_CR23","volume-title":"Power analysis attacks: revealing the secrets of smart cards","author":"S Mangard","year":"2006","unstructured":"Mangard S, Oswald E, Popp T (2006) Power analysis attacks: revealing the secrets of smart cards. Springer, Berlin. http:\/\/www.dpabook.org\/"},{"key":"106_CR24","doi-asserted-by":"publisher","unstructured":"Masure L, Dumas C, Prouff E (2019) Gradient visualization for general characterization in profiling attacks. In: Polian I, St\u00f6ttinger M (eds) Constructive side-channel analysis and secure design - 10th international workshop, COSADE 2019, Darmstadt, Germany, April 3-5, 2019, proceedings. Lecture notes in computer Science, vol 11421. Springer, pp 145\u2013167. https:\/\/doi.org\/10.1007\/978-3-030-16350-1_9","DOI":"10.1007\/978-3-030-16350-1_9"},{"key":"106_CR25","doi-asserted-by":"crossref","unstructured":"Medwed M, Oswald E (2008) Template attacks on ECDSA. In: International workshop on information security applications. Springer, pp 14\u201327","DOI":"10.1007\/978-3-642-00306-6_2"},{"key":"106_CR26","unstructured":"Medwed M, Oswald E (2008) Template attacks on ECDSA Chung KI, Sohn K, Yung M (eds), vol 5379, Springer. https:\/\/eprint.iacr.org\/2008\/081\/"},{"key":"106_CR27","unstructured":"Nascimento E, Chmielewski \u0141 Horizontal clustering side-channel attacks on embedded ecc implementations (extended version). Cryptology ePrint Archive, Report 2017\/1204 (2017). https:\/\/eprint.iacr.org\/2017\/1204"},{"key":"106_CR28","doi-asserted-by":"crossref","unstructured":"Nascimento E, Chmielewski \u0141, Oswald D, Schwabe P (2017) Attacking embedded ecc implementations through cmov side channels. In: Avanzi R., Heys H (eds) Selected areas in cryptography \u2013 SAC 2016. Springer International Publishing, Cham, pp 99\u2013-119","DOI":"10.1007\/978-3-319-69453-5_6"},{"key":"106_CR29","unstructured":"NIST F.P. (2015) 180-4 secure hash standard (shs), no. August gaithersburg: National Institute of Standards and Technology"},{"key":"106_CR30","unstructured":"\u00d6zgen E, Papachristodoulou L, Batina L (2016) Classification algorithms for template matching. In: IEEE International symposium on hardware oriented security and trust, HOST 2016, mclean, VA, USA, 2016 (to appear)"},{"key":"106_CR31","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa F, Varoquaux G, Gramfort A, Michel V, Thirion B, Grisel O, Blondel M, Prettenhofer P, Weiss R, Dubourg V, Vanderplas J, Passos A, Cournapeau D, Brucher M, Perrot M, Duchesnay E (2011) Scikit-learn: Machine learning in Python. J Mach Learn Res 12:2825\u20132830","journal-title":"J Mach Learn Res"},{"key":"106_CR32","unstructured":"Perin G, Ege B, Chmielewski \u0141 Neural network model assessment for side-channel analysis. IACR Cryptology ePrint Archive 2019, 722 (2019). https:\/\/eprint.iacr.org\/2019\/722"},{"key":"106_CR33","unstructured":"Picek S, Heuser A, Alippi C, Regazzoni F (2018) When theory meets practice: A framework for robust profiled side-channel analysis. Cryptology ePrint Archive, Report 2018\/1123. https:\/\/eprint.iacr.org\/2018\/1123"},{"key":"106_CR34","unstructured":"Picek S, Heuser A, Guilley S (2019) Profiling side-channel analysis in the restricted attacker framework. Cryptology ePrint Archive, Report 2019\/168. https:\/\/eprint.iacr.org\/2019\/168"},{"issue":"1","key":"106_CR35","doi-asserted-by":"publisher","first-page":"209","DOI":"10.13154\/tches.v2019.i1.209-237","volume":"2019","author":"S Picek","year":"2019","unstructured":"Picek S, Heuser A, Jovic A, Bhasin S, Regazzoni F (2019) The curse of class imbalance and conflicting metrics with machine learning for side-channel evaluations. IACR Trans Cryptogr Hardw Embed Syst 2019(1):209\u2013237. https:\/\/doi.org\/10.13154\/tches.v2019.i1.209-237","journal-title":"IACR Trans Cryptogr Hardw Embed Syst"},{"key":"106_CR36","doi-asserted-by":"crossref","unstructured":"Picek S, Heuser A, Jovic A, Ludwig SA, Guilley S, Jakobovic D, Mentens N (2017) Side-channel analysis and machine learning: a practical perspective. In: 2017 International joint conference on neural networks, IJCNN 2017, anchorage, AK, USA, May 14-19, 2017, pp 4095\u20134102","DOI":"10.1109\/IJCNN.2017.7966373"},{"key":"106_CR37","doi-asserted-by":"crossref","unstructured":"Picek S, Samiotis IP, Kim J, Heuser A, Bhasin S, Legay A Chattopadhyay A, Rebeiro C, Yarom Y (eds) (2018) On the performance of convolutional neural networks for side-channel analysis. Springer International Publishing, Cham","DOI":"10.1007\/978-3-030-05072-6_10"},{"key":"106_CR38","doi-asserted-by":"crossref","unstructured":"Poussier R, Zhou Y, Standaert FX Fischer W, Homma N (eds) (2017) A systematic approach to the side-channel analysis of ECC implementations with worst-case horizontal attacks. Springer International Publishing, Cham","DOI":"10.1007\/978-3-319-66787-4_26"},{"key":"106_CR39","unstructured":"Prouff E, Strullu R, Benadjila R, Cagli E, Dumas C (2018) Study of deep learning techniques for side-channel analysis and introduction to ASCAD database. IACR Cryptology ePrint Archive 2018, 53"},{"key":"106_CR40","doi-asserted-by":"crossref","unstructured":"Samwel N, Batina L, Bertoni G, Daemen J, Susella R (2018) Breaking ed25519 in wolfSSL. In: Cryptographers\u2019 track at the RSA conference. Springer, pp 1\u201320","DOI":"10.1007\/978-3-319-76953-0_1"},{"key":"106_CR41","doi-asserted-by":"crossref","unstructured":"Schindler W, Huss SA (eds) (2012) Constructive side-channel analysis and secure design - third international workshop, COSADE 2012, Darmstadt, Germany, May 3-4, 2012. proceedings, LNCS, vol 7275. Springer, Berlin","DOI":"10.1007\/978-3-642-29912-4"},{"issue":"3","key":"106_CR42","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"CP Schnorr","year":"1991","unstructured":"Schnorr CP (1991) Efficient signature generation by smart cards. J Cryptol 4(3):161\u2013174","journal-title":"J Cryptol"},{"key":"106_CR43","unstructured":"Simonyan K, Zisserman A (2014) Very deep convolutional networks for large-scale image recognition. arXiv:1409.1556"},{"key":"106_CR44","doi-asserted-by":"crossref","unstructured":"Standaert FX, Malkin T, Yung M (2009) A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT. LNCS, vol 5479. Springer, Cologne, pp 443\u2013 461","DOI":"10.1007\/978-3-642-01001-9_26"},{"key":"106_CR45","unstructured":"van der Valk D, Picek S (2019) Bias-variance decomposition in machine learning-based side-channel analysis. Cryptology ePrint Archive, Report 2019\/570. https:\/\/eprint.iacr.org\/2019\/570"},{"key":"106_CR46","unstructured":"van der Valk D, Picek S, Bhasin S (2019) Kilroy was here: The first step towards explainability of neural networks in profiled side-channel analysis. Cryptology ePrint Archive, Report 2019\/1477. https:\/\/eprint.iacr.org\/2019\/1477"},{"key":"106_CR47","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-2440-0","volume-title":"The nature of statistical learning theory","author":"VN Vapnik","year":"1995","unstructured":"Vapnik VN (1995) The nature of statistical learning theory. Springer, New York"},{"key":"106_CR48","doi-asserted-by":"crossref","unstructured":"Weissbart L, Picek S, Batina L (2019) One trace is all it takes: machine learning-based side-channel attack on edDSA. In: Bhasin S, Mendelson A, Nandi M (eds) Security, privacy, and applied cryptography engineering. Springer International Publishing, Cham, pp 86\u2013-105","DOI":"10.1007\/978-3-030-35869-3_8"},{"key":"106_CR49","doi-asserted-by":"crossref","unstructured":"Xu M, Wu L, Zhang X (2018) Power analysis on SM4 with boosting methods. In: 2018 12th IEEE international conference on anti-counterfeiting, security, and identification (ASID). IEEE, pp 188\u2013191","DOI":"10.1109\/ICASID.2018.8693225"},{"issue":"1","key":"106_CR50","doi-asserted-by":"publisher","first-page":"1","DOI":"10.13154\/tches.v2020.i1.1-36","volume":"2020","author":"G Zaid","year":"2019","unstructured":"Zaid G, Bossuet L, Habrard A, Venelli A (2019) Methodology for efficient cnn architectures in profiling attacks. IACR Trans Cryptogr Hardw Embed Syst 2020(1):1\u201336. https:\/\/doi.org\/10.13154\/tches.v2020.i1.1-36. https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8391","journal-title":"IACR Trans Cryptogr Hardw Embed Syst"}],"container-title":["Journal of Hardware and Systems Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s41635-020-00106-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s41635-020-00106-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s41635-020-00106-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,16]],"date-time":"2021-10-16T07:13:08Z","timestamp":1634368388000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s41635-020-00106-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,16]]},"references-count":52,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["106"],"URL":"https:\/\/doi.org\/10.1007\/s41635-020-00106-w","relation":{},"ISSN":["2509-3428","2509-3436"],"issn-type":[{"type":"print","value":"2509-3428"},{"type":"electronic","value":"2509-3436"}],"subject":[],"published":{"date-parts":[[2020,10,16]]},"assertion":[{"value":"25 May 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 September 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 October 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}