Attacking Randomized Exponentiations Using Unsupervised Learning

Abstract : Countermeasures to defeat most of side-channel attacks onexponentiations are based on randomization of processed data. The ex-ponent and the message blinding are particular techniques to thwartsimple, collisions, differential and correlation analyses. Attacks based ona single (trace) execution of exponentiations, like horizontal correlationanalysis and profiled template attacks, have shown to be efficient againstmost of popular countermeasures. In this paper we show how an unsuper-vised learning can explore the remaining leakages caused by conditionalcontrol tests and memory addressing in a RNS-based implementation ofthe RSA. The device under attack is protected with the exponent blind-ing and the leak resistant arithmetic. The developed attack combinesthe leakage of several samples over the segments of the exponentiationin order to recover the entire exponent. We demonstrate how to find thepoints of interest using trace pre-processing and clustering algorithms.This attack can recover the exponent using a single trace.