A Hacker’s Guide to Reducing Side-Channel Attack Surfaces Using Deep-Learning

Conference:  Defcon 28



The presentation discusses how to use deep learning to reduce side-channel attack surfaces and showcases a concrete example of how to leverage AI explainability to quickly assess which parts of the implementation are responsible for the information leakage.
  • Side-channel attacks are an efficient way to attack secure hardware by targeting the implementation of the algorithm.
  • Debugging hardware is harder than debugging software because it requires looking at both the software and hardware to find the source of the leak.
  • Combining deep learning and dynamic analysis can help quickly and efficiently find the origin of the leakage.
  • The presentation showcases a concrete example of how to use a software called COLD to find where a tiny iOS implementation running on an SMT32F4 is leaking.
  • The software uses a heat map of CPU instructions to identify the most important lines of code causing the leakage.
  • The software can help developers quickly figure out what to patch and focus on developing stronger crypto.
  • The presentation shows how machine learning is changing how we approach side-channel attacks and how it can automate a lot of things and take into account linearity.
  • The presentation is a first step towards the idea of reducing the cost of finding and pinpointing side-channel attacks.
The presentation highlights an example of a powerful side-channel attack where people were able to lift out the private key of Bitcoin wallets from a hardware Bitcoin wallet called Trezor. This attack demonstrates the devastating impact of side-channel attacks on secure hardware.


in recent years, deep-learning based side-channel attacks have been proven to be very effective and opened the door to automated implementation techniques. Building on this line of work, this talk explores how to take the approach a step further and showcases how to leverage the recent advance in AI explainability to quickly assess which parts of the implementation is responsible for the information. Through a concrete set by step example, we will showcase the promise of this approach, its limitations, and how it can be used today.