Unveiling ECC Vulnerabilities: LSTM Networks for Operation Recognition in Side-Channel Attacks

TL;DR

This paper introduces an LSTM-based side-channel attack on elliptic curve cryptography, revealing vulnerabilities in current implementations and countermeasures, and demonstrating successful key recovery on real devices.

Contribution

It presents a novel LSTM neural network approach for side-channel attacks on ECC, showing its effectiveness and exposing weaknesses in existing countermeasures.

Findings

Successfully recovered private keys from real device implementations.

Demonstrated that coordinate randomization does not fully prevent attacks.

Validated attack feasibility through simulated and real experiments.

Abstract

We propose a novel approach for performing side-channel attacks on elliptic curve cryptography. Unlike previous approaches and inspired by the ``activity detection'' literature, we adopt a long-short-term memory (LSTM) neural network to analyze a power trace and identify patterns of operation in the scalar multiplication algorithm performed during an ECDSA signature, that allows us to recover bits of the ephemeral key, and thus retrieve the signer's private key. Our approach is based on the fact that modular reductions are conditionally performed by micro-ecc and depend on key bits. We evaluated the feasibility and reproducibility of our attack through experiments in both simulated and real implementations. We demonstrate the effectiveness of our attack by implementing it on a real target device, an STM32F415 with the micro-ecc library, and successfully compromise it. Furthermore, we show that current countermeasures, specifically the coordinate randomization technique, are not sufficient to protect against side channels. Finally, we suggest other approaches that may be implemented to thwart our attack.