Unveiling ECC Vulnerabilities: LSTM Networks for Operation Recognition in Side-Channel Attacks

Alberto Battistello, Guido Bertoni, Michele Corrias, Lorenzo Nava, Davide Rusconi, Matteo Zoia, Fabio Pierazzi, Andrea Lanzi

TL;DR

This paper demonstrates a practical side-channel vulnerability in ECC implementations by training an LSTM to perform operation recognition on power traces of scalar multiplication $kP$ in ECDSA. It shows that coordinate randomization and typical constant-time defenses are insufficient, enabling ephemeral-key bits to be leaked and the private key recovered via a lattice attack after identifying operational collisions. The authors validate the approach through simulated data and a real-world attack on an STM32F415RG using the micro-ecc library and secp160r1, detailing a five-component system (trace acquisition, windowing, ML classification, post-processing, and key extraction) and a comprehensive evaluation methodology. They also analyze countermeasures, arguing that incomplete defenses can be circumvented and recommending masking and coordinate re-randomization as more robust options. Overall, the work reveals significant security risks in widely deployed ECC implementations and emphasizes the need for stronger, constant-time, and collision-resistant designs to thwart advanced ML-assisted SCAs.

Abstract

We propose a novel approach for performing side-channel attacks on elliptic curve cryptography. Unlike previous approaches, and inspired by the "activity detection" literature, we adopt a long short-term memory (LSTM) neural network to analyze a power trace and identify patterns of operations in the scalar multiplication algorithm performed during an ECDSA signature, which allows us to recover bits of the ephemeral key and thus retrieve the signer's private key. Our approach is based on the fact that modular reductions are conditionally performed by micro-ecc and depend on key bits. We evaluated the feasibility and reproducibility of our attack through experiments on both simulated and real implementations. We demonstrate the effectiveness of our attack by implementing it on a real target device, an STM32F415 with the micro-ecc library, and successfully compromise it. Furthermore, we show that current countermeasures, specifically the coordinate randomization technique, are not sufficient to protect against side channels. Finally, we suggest other approaches that may be implemented to thwart our attack.
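As an added illustration (not code from the paper or from micro-ecc), here is the kind of pattern the abstract refers to: a modular addition whose final subtraction of the modulus runs only for some operands, beside a branch-free version that executes the same instructions for every input. The five-limb layout, the names `mod_add_branchy`, `mod_add_ct`, `vli_add`, `vli_sub` and the constant `P160` (the secp160r1 prime, 2^160 - 2^31 - 1) are my own choices for this example.

```c
#include <stdint.h>
/* Constructed illustration, not micro-ecc's code: 160-bit field elements as
 * five little-endian 32-bit limbs, sized for secp160r1 (p = 2^160 - 2^31 - 1). */
#define NLIMBS 5
typedef uint32_t fe[NLIMBS];
static const fe P160 = {0x7FFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu};

/* out = a + b; returns the carry out of the top limb. */
static uint32_t vli_add(fe out, const fe a, const fe b) {
    uint64_t c = 0;
    for (int i = 0; i < NLIMBS; i++) {
        c += (uint64_t)a[i] + b[i];
        out[i] = (uint32_t)c;
        c >>= 32;
    }
    return (uint32_t)c;
}

/* out = a - b; returns the borrow out of the top limb (safe when out == a). */
static uint32_t vli_sub(fe out, const fe a, const fe b) {
    uint64_t bw = 0;
    for (int i = 0; i < NLIMBS; i++) {
        uint64_t d = (uint64_t)a[i] - b[i] - bw;
        out[i] = (uint32_t)d;
        bw = (d >> 32) & 1;
    }
    return (uint32_t)bw;
}

/* Leaky pattern: the reduction runs only for some operands, so the executed
 * instruction sequence (and its power footprint) depends on the data. Returns 1 when it ran. */
static int mod_add_branchy(fe out, const fe a, const fe b, const fe p) {
    fe t;
    if (vli_add(out, a, b) || vli_sub(t, out, p) == 0) { /* data-dependent branch */
        vli_sub(out, out, p);                             /* reduction only here */
        return 1;
    }
    return 0;
}

/* Branch-free counterpart: compute both candidates, select with a mask; same instructions for every input. */
static void mod_add_ct(fe out, const fe a, const fe b, const fe p) {
    fe s, t;
    uint32_t carry = vli_add(s, a, b);
    uint32_t borrow = vli_sub(t, s, p);
    uint32_t mask = 0u - (carry | (borrow ^ 1u)); /* all-ones when a + b >= p */
    for (int i = 0; i < NLIMBS; i++)
        out[i] = (t[i] & mask) | (s[i] & ~mask);
}
```

The return value of `mod_add_branchy` makes the operand-dependent control flow explicit; `mod_add_ct` produces the same results without that dependence.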

Paper Structure

This paper contains 30 sections, 2 equations, 5 figures, 6 tables, and 3 algorithms.

Figures (5)

  • Figure 1: Architectural Overview
  • Figure 2: The first 24 thousand samples of a real power consumption trace (translated on the y-axis by 20 points for typesetting reasons).
  • Figure 3: Epoch accuracy plot for 100 epochs, batch size of 64 and validation split of $20\%$: train in orange, validation in blue.
  • Figure 4: Epoch loss plot for 100 epochs, batch size of 64 and validation split of $20\%$: train in orange, validation in blue.
  • Figure 5: Accuracy results for the initial portion of a real power consumption trace. In green the correct predictions, in red the failed ones.