基於深度學習降維之功率旁通道洩漏評估機制

Abstract

旁通道洩漏評估是確保密碼學實作安全性的關鍵流程。然而，業界標準的TVLA方法是一種單變數統計檢定方法，不足以有效偵測複雜的多變數與高階洩漏。現有替代方案雖試圖改良統計檢定方法或是利用機器學習，卻常受限於單變數分析、需要窮舉所有變數組合，或依賴大量實務上難以取得的驗證資料等問題。

為了克服這些限制，我們提出基於深度學習降維的旁通道洩漏評估機制（DDR-LA）。本方法無需任何驗證資料即可偵測多變數與高階洩漏，並能同時提供洩漏嚴重度評估與關鍵點識別。此外，DDR-LA能以少量樣本高效運作，有效降低量測成本並提升實務可行性。

我們在搭載微處理器的平台上進行加密軟體的洩漏檢測實驗，並將DDR-LA與TVLA進行比較。實驗結果顯示，DDR-LA在簡單洩漏情況下的表現與TVLA一致，但在較複雜的情況中則顯著優於TVLA。尤其在TVLA失效的多變數與高階洩漏情境中，DDR-LA可以偵測到TVLA完全無法察覺的洩漏，證明DDR-LA有潛力成為安全評估標準中，一個比傳統方法更全面的替代方案。

Side-channel leakage assessment is critical for securing cryptographic implementations. However, the industry-standard TVLA method is a univariate test that is insufficient for detecting complex multivariate and higher-order leakages. While other approaches exist, they are either limited by univariate constraints, require exhaustive enumeration of variable combinations, or depend on large, often impractical, validation datasets. To overcome these limitations, we propose DDR-LA, a side-channel leakage assessment method based on deep dimensionality reduction. Our method detects multivariate and higher-order leakages without requiring validation data, simultaneously providing leakage severity assessment and points of interest identification. Furthermore, DDR-LA operates effectively with a small number of samples, reducing measurement costs and enhancing practical feasibility.

We validated DDR-LA on cryptographic software running on a microprocessor and compared its performance to TVLA. Experimental results show that DDR-LA performs consistently with TVLA in simple leakage scenarios but significantly outperforms it in challenging cases. Notably, DDR-LA successfully detects multivariate and higher-order leakages where TVLA fails. This demonstrates DDR-LA's potential as a more comprehensive alternative to traditional methods in industrial-grade security assessments.