A side-channel attack on a masked and shuffled software implementation of Saber

Abstract In this paper, we show that a software implementation of IND-CCA-secure Saber key encapsulation mechanism protected by first-order masking and shuffling can be broken deep learning-based power analysis. Using an ensemble neural networks trained at the profiling stage, recover session secret from $$257 \times N$$ 257 × N $$24 257 24 traces, respectively, where N is number repetitions same measurement. The value depends on algorithm, type device under attack, environmental factors, acquisition noise, etc.; in our experiments $$N = 10$$ = 10 sufficient for successful attack. are combination 80% traces with known order 20% attack captured all-0 all-1 messages. “Spicing” training set helps us minimize negative effect inter-device variability.