




























Yuxuan Wang, Shanghai Jiao Tong University
Zixin He, Shanghai Jiao Tong University
Yihan Nie, Shanghai Jiao Tong University
Yubo Zhao, Shanghai Jiao Tong University
Zhiliang An, Shanghai Jiao Tong University
Yipeng Shi, Shanghai Jiao Tong University
Pei Cao, Shanghai Jiao Tong University
Chi Zhang, Shanghai Jiao Tong University
Dawu Gu, Shanghai Jiao Tong University
Deep Learning-based Non-profiled Side-Channel Analysis (DL-NSCA) enables automatic feature extraction without a profiling device, but existing approaches mainly target non-linear operations, requiring prior knowledge of the algorithm's unique non-linear structure and computable non-linear intermediate values. These limit applicability in analyzing proprietary or undisclosed implementations and in settings where plaintext/ciphertext are masked by unknown randomness (e.g., tweaks or nonces). We observe that linear operations are fundamental as common cryptographic primitives appearing at the beginning or end of algorithms in conjunction with the secret key, and are widely used to mask sensitive input/output. Motivated by this observation, we propose a new DL-NSCA perspective that targets the outputs of linear operations, referred to as blind leakage, to enable cross algorithm attacks. However, the prior distinguisher in DL-NSCA is designed for non-linear operations, and how to effectively analyze blind leakage within this framework remains an open problem. The main limitation of the prior distinguisher lies in their reliance on a simplistic correspondence between deep learning metrics and side channel information, namely selecting the key guess corresponding to the minimum training loss. This leads to two issues: the effectiveness of the distinguisher varies significantly with the chosen training epoch, and the implicit assumption of a unique correlation maximum adopted by it does not hold for symmetric leakage. To address this, we provide a formal algebraic characterization of the relationship between the structure of the leakage function and the number of correlation maxima for all linear operations. Guided by this theory, we propose a new distinguisher, VS-GBA, an epoch-invariant distinguisher that interprets SCA information from deep learning metrics and approaches the theoretical optimum. It is applicable to both the single-maximum case (asymmetric leakage) and the dual-maximum case (symmetric leakage) through a structure-aware screening criterion. Experiments on a high-noise 32-bit ARM Cortex-M4 device demonstrate that asymmetric leakage analysis fails to recover keys for all three evaluated algorithms at the maximum trace budget ($GE=70$ for masked AES, $GE=27$ for masked PRESENT, $GE=66$ for masked ASCON), whereas VS-GBA targeting symmetric leakage recovers the key with a 100\% success rate in 8,000, 8,500, and 16,000 traces, respectively. Furthermore, we present the first DL-NSCA attack on XTS-AES (NIST SP 800-38E), extending DL-NSCA to scenarios where plaintext/ciphertext is masked by a secret tweak.
BibTeX
@misc{cryptoeprint:2026/301,
author = {Jintong Yu and Yuxuan Wang and Zixin He and Yihan Nie and Yubo Zhao and Zhiliang An and Yipeng Shi and Pei Cao and Chi Zhang and Dawu Gu},
title = {Cross-Algorithm Deep Learning-based Non-Profiled Side-Channel Attacks Exploiting Symmetric Leakage},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/301},
year = {2026},
url = {https://eprint.iacr.org/2026/301}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。