A deep learning based side-channel analysis of an FPGA implementation of Saber

Abstract: In 2016, NIST started a post quantum cryptography (PQC) standardization project in response to the rapid development of quantum algorithms which break many public-key cryptographic schemes. As the project nears its end, it is necessary to assess the resistance of its finalists to side-channel attacks. Although several side-channel attacks on software implementations PQCfinalists have been presented in recent papers, hardware implementations have been investigated much less. In this thesis, we present the first side-channel attack on an FPGA implementation of one of the NIST PQC finalists, Saber. Our experiments are performed on a publicly availible implementation of Saber compiled with Xilinx Vivado for an Artix-7 XC7A100T FPGA. We trained several deep learning models in an attempt to recover the Hamming weight and value of messages using their corresponding power traces. We also proposed a method to determine the Hamming weight of messages through binary search based on these models. We found out that, due to the difference in software and hardware implementations, the previously presented message recovery method that breaks a masked software implementation of Saber cannot be directly applied to the hardware implementation. The main reason for this is that, in the hardware implementation used in our experiments, all 256 bits of a message are processed in parallel, while in the software implementation used in the previous work, the bits are processed one-by-one. Future works includes finding new methods for analyzing hardware implementations.