Table of Contents
Fetching ...

Exact Soft Analytical Side-Channel Attacks using Tractable Circuits

Thomas Wedenig, Rishub Nagpal, Gaëtan Cassiers, Stefan Mangard, Robert Peharz

TL;DR

This work addresses the reliability and efficiency gap in soft analytical side-channel attacks by introducing ExSASCA, an exact inference framework that compiles the AES MixColumns operation into tractable probabilistic circuits (SDD/PSDD). By transforming a dense, loopy subgraph into a tree via exact compilation and leveraging sparse or dynamic compilation strategies, ExSASCA achieves substantial top-1 gains over SASCA while reducing computation by orders of magnitude relative to exhaustive inference. The approach yields two practical pathways for exact inference under sparse beliefs and dense, protected scenarios, and demonstrates superior performance on AES-128 leakage data, including resilience to noisy leakage. The methods promise broader impact on cryptography and probabilistic reasoning, offering scalable, provable inference techniques for large, logic-rich models beyond side-channel analysis.

Abstract

Detecting weaknesses in cryptographic algorithms is of utmost importance for designing secure information systems. The state-of-the-art soft analytical side-channel attack (SASCA) uses physical leakage information to make probabilistic predictions about intermediate computations and combines these "guesses" with the known algorithmic logic to compute the posterior distribution over the key. This attack is commonly performed via loopy belief propagation, which, however, lacks guarantees in terms of convergence and inference quality. In this paper, we develop a fast and exact inference method for SASCA, denoted as ExSASCA, by leveraging knowledge compilation and tractable probabilistic circuits. When attacking the Advanced Encryption Standard (AES), the most widely used encryption algorithm to date, ExSASCA outperforms SASCA by more than 31% top-1 success rate absolute. By leveraging sparse belief messages, this performance is achieved with little more computational cost than SASCA, and about 3 orders of magnitude less than exact inference via exhaustive enumeration. Even with dense belief messages, ExSASCA still uses 6 times less computations than exhaustive inference.

Exact Soft Analytical Side-Channel Attacks using Tractable Circuits

TL;DR

This work addresses the reliability and efficiency gap in soft analytical side-channel attacks by introducing ExSASCA, an exact inference framework that compiles the AES MixColumns operation into tractable probabilistic circuits (SDD/PSDD). By transforming a dense, loopy subgraph into a tree via exact compilation and leveraging sparse or dynamic compilation strategies, ExSASCA achieves substantial top-1 gains over SASCA while reducing computation by orders of magnitude relative to exhaustive inference. The approach yields two practical pathways for exact inference under sparse beliefs and dense, protected scenarios, and demonstrates superior performance on AES-128 leakage data, including resilience to noisy leakage. The methods promise broader impact on cryptography and probabilistic reasoning, offering scalable, provable inference techniques for large, logic-rich models beyond side-channel analysis.

Abstract

Detecting weaknesses in cryptographic algorithms is of utmost importance for designing secure information systems. The state-of-the-art soft analytical side-channel attack (SASCA) uses physical leakage information to make probabilistic predictions about intermediate computations and combines these "guesses" with the known algorithmic logic to compute the posterior distribution over the key. This attack is commonly performed via loopy belief propagation, which, however, lacks guarantees in terms of convergence and inference quality. In this paper, we develop a fast and exact inference method for SASCA, denoted as ExSASCA, by leveraging knowledge compilation and tractable probabilistic circuits. When attacking the Advanced Encryption Standard (AES), the most widely used encryption algorithm to date, ExSASCA outperforms SASCA by more than 31% top-1 success rate absolute. By leveraging sparse belief messages, this performance is achieved with little more computational cost than SASCA, and about 3 orders of magnitude less than exact inference via exhaustive enumeration. Even with dense belief messages, ExSASCA still uses 6 times less computations than exhaustive inference.
Paper Structure (19 sections, 5 equations, 5 figures, 1 table, 2 algorithms)

This paper contains 19 sections, 5 equations, 5 figures, 1 table, 2 algorithms.

Figures (5)

  • Figure 1: A round of AES takes a $4 \times 4$-byte matrix $\mathbf{M}$ and computes a series of functions: (1) SubBytes applies a non-linear bijection $S$ to each byte individually, (2) ShiftRows shifts the rows of the input matrix to the left, (3) MixColumns computes a linear function which takes each input column and performs a matrix-vector product in the Galois field of characteristic $256$ ($\mathbb{F}_{256}$) and (4) AddRoundKey, a byte-wise xor operation with the "round key" (which is just the key in the first round).
  • Figure 2: (left) Factor graph over the first four key bytes and plaintext bytes and their operations in AES. Black squares denote logical factors that represent AES operations. For example, an xor-factor is $1$ if and only if the variable on its right is the bit-wise exclusive or of the two variables on its left and $0$ otherwise. Similarly, sbox encodes a bijection $S$ between byte-values and xtime encodes a multiplication with $2$ in the Galois field of characteristic $256$ (abstracted as $f_{\textsc{xtime}}$). Every unobserved (blank) variable node has an additional factor $p(v \,|\, \boldsymbol{\ell})$ (omitted for sake of visual clarity). Shaded variable nodes are observed. (right) The same factor graph, but where the loopy MixColumns part has been summarized in a single high-dimensional factor $\mathcal{M}$ (represented by a PSDD). We use plate notation to illustrate structurally identical parts. The set $\mathbf{v}_{mid}$ contains all intermediate variables in the MixColumns function.
  • Figure 3: Given the algorithmic description of MixColumn ($\mathcal{M}$) and the local beliefs $p(v \,|\, \boldsymbol{\ell}), v \in \mathbf{v}$ as inputs to our compilation pipeline, we yield a PSDD representations of all input distributions, denoted $\mathcal{PC}(p(v \,|\, \boldsymbol{\ell}))$. Moreover, all PSDDs are pairwise compatible for downstream circuit multiplication tasks.
  • Figure 4: Top-1 success rate of different inference methods when using corrupted beliefs $\tilde{p}_{\alpha}(v \,|\, \boldsymbol{\ell})$, computed on a batch of $128$ traces in $\mathcal{D}_{\text{val}}$ ($\varepsilon = 0$). As $\alpha \to 1$, the local beliefs become increasingly uninformative.
  • Figure :

Theorems & Definitions (4)

  • Definition 3.1: Compressed Partition sdd
  • Definition 3.2: Vtree new_comp_lang
  • Definition 3.3: Sentential Decision Diagram sdd
  • Definition 3.4: Probabilistic SDD