Supervised deep learning has emerged as an effective tool for carrying out power side-channel attacks on cryptographic implementations. While increasingly-powerful deep learning-based attacks are regularly published, comparatively-little work has gone into using deep learning to defend against these attacks. In this work we propose a technique for identifying which timesteps in a power trace are responsible for leaking a cryptographic key, through an adversarial game between a deep learning-based side-channel attacker which seeks to classify a sensitive variable from the power traces recorded during encryption, and a trainable noise generator which seeks to thwart this attack by introducing a minimal amount of noise into the power traces. We demonstrate on synthetic datasets that our method can outperform existing techniques in the presence of common countermeasures such as Boolean masking and trace desynchronization. Results on real datasets are weak because the technique is highly sensitive to hyperparameters and early-stop point, and we lack a holdout dataset with ground truth knowledge of leaking points for model selection. Nonetheless, we believe our work represents an important first step towards deep side-channel leakage localization without relying on strong assumptions about the implementation or the nature of its leakage. An open-source PyTorch implementation of our experiments is provided.

翻译：监督式深度学习已成为对密码实现进行功耗侧信道攻击的有效工具。尽管基于深度学习的攻击方法日益强大且不断被发表，但利用深度学习进行防御的研究相对较少。本研究提出一种通过对抗博弈定位功耗轨迹中泄露密钥时间点的方法：博弈一方是基于深度学习的侧信道攻击者，旨在从加密过程记录的功耗轨迹中分类敏感变量；另一方是可训练噪声生成器，试图通过向功耗轨迹注入最小噪声来挫败该攻击。我们在合成数据集上证明，在布尔掩码和轨迹失同步等常见防护措施存在的情况下，本方法性能优于现有技术。在真实数据集上的结果较弱，这是因为该方法对超参数和早停点高度敏感，且缺乏包含泄漏点真实标注的留出数据集用于模型选择。尽管如此，我们认为这项研究代表了在不依赖实现细节或泄漏性质强假设的前提下，实现深度侧信道泄漏定位的重要第一步。我们提供了实验的开源PyTorch实现。