
Lund University Publications

LUND UNIVERSITY LIBRARIES

Attacking Single-Cycle Ciphers on Modern FPGAs : Featuring Explainable Deep Learning

Khairallah, Mustafa (LU) and Yap, Trevor (2026). Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025. In Lecture Notes in Computer Science 15653 LNCS, pp. 22-39.
Abstract

In this paper, we revisit the question of key recovery using side-channel analysis for unrolled, single-cycle block ciphers. In particular, we study the Princev2 cipher. While it has been shown vulnerable in multiple previous studies, those studies were performed on side-channel-friendly ASICs or older FPGAs (e.g., Xilinx Virtex II on the SASEBO-G board), and mostly used expensive equipment. We start with the goal of exploiting a cheap modern FPGA and board using power traces from a cheap oscilloscope. Specifically, we use a Xilinx Artix 7 on the ChipWhisperer CW305 board and a PicoScope 5000A, respectively. We split our study into three parts. First, we show that the new set-up still exhibits easily detectable leakage, using a non-specific t-test. Second, we replicate attacks from older FPGAs. Namely, we start with the attack by Yli-Mäyry et al., which is a simple chosen-plaintext correlation power analysis attack using divide and conquer. However, we demonstrate that even this simple, powerful attack does not work, which reveals a peculiar behavior. We study this behavior using a stochastic attack that attempts to extract the leakage model, and we show that models over a small part of the state are inconsistent and depend on more key bits than expected. We also attempt classical template attacks and get similar results. To further exploit the leakage, we employ deep learning techniques and succeed in key recovery, albeit using a large number of traces. We apply the explainability technique called Key Guessing Occlusion (KGO) to detect which points the neural networks exploit. When we use these points as features for the classical template attack, although it did not recover the secret key, its performance improves compared to other feature selection techniques.

author: Khairallah, Mustafa (LU) and Yap, Trevor
publishing date: 2026
type: Chapter in Book/Report/Conference proceeding
publication status: published
keywords: Deep Learning, FPGA, Low Latency, Princev2, Side-Channel Analysis
host publication: Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops : AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers
series title: Lecture Notes in Computer Science
editor: Manulis, Mark
volume: 15653 LNCS
pages: 18 pages (pp. 22-39)
publisher: Springer Science and Business Media B.V.
conference name: Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025
conference location: Munich, Germany
conference dates: 2025-06-23 - 2025-06-26
external identifiers: scopus:105021306238
ISSN: 0302-9743, 1611-3349
ISBN: 9783032017987
DOI: 10.1007/978-3-032-01799-4_2
language: English
LU publication?: yes
id: dc24208e-fe67-4df9-ab90-3c961bb85b70
date added to LUP: 2025-12-10 12:03:30
date last changed: 2025-12-10 12:04:22

@inproceedings{dc24208e-fe67-4df9-ab90-3c961bb85b70,
  abstract     = {{In this paper, we revisit the question of key recovery using side-channel analysis for unrolled, single-cycle block ciphers. In particular, we study the Princev2 cipher. While it has been shown vulnerable in multiple previous studies, those studies were performed on side-channel friendly ASICs or older FPGAs (e.g., Xilinx Virtex II on the SASEBO-G board), and using mostly expensive equipment. We start with the goal of exploiting a cheap modern FPGA and board using power traces from a cheap oscilloscope. Particularly, we use Xilinx Artix 7 on the Chipwhisperer CW305 board and PicoScope 5000A, respectively. We split our study into three parts. First, we show that the new set-up still exhibits easily detectable leakage, using a non-specific t-test. Second, we replicate attacks from older FPGAs. Namely, we start with the attack by Yli-Mäyry et al., which is a simple chosen plaintext correlation power analysis attack using divide and conquer. However, we demonstrate that even this simple, powerful attack does not work, demonstrating a peculiar behavior. We study this behavior using a stochastic attack that attempts to extract the leakage model, and we show that models over a small part of the state are inconsistent and depend on more key bits than what is expected. We also attempt classical template attacks and get similar results. To further exploit the leakage, we employ deep learning techniques and succeed in key recovery, albeit using a large number of traces. We perform the explainability technique called Key Guessing Occlusion (KGO) to detect which points the neural networks exploit. When we use these points as features for the classical template attack, although it did not recover the secret key, its performance improves compared to other feature selection techniques.}},
  author       = {{Khairallah, Mustafa and Yap, Trevor}},
  booktitle    = {{Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops : AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers}},
  editor       = {{Manulis, Mark}},
  isbn         = {{9783032017987}},
  issn         = {{0302-9743}},
  keywords     = {{Deep Learning; FPGA; Low Latency; Princev2; Side-Channel Analysis}},
  language     = {{eng}},
  pages        = {{22--39}},
  publisher    = {{Springer Science and Business Media B.V.}},
  series       = {{Lecture Notes in Computer Science}},
  title        = {{Attacking Single-Cycle Ciphers on Modern FPGAs : Featuring Explainable Deep Learning}},
  url          = {{http://dx.doi.org/10.1007/978-3-032-01799-4_2}},
  doi          = {{10.1007/978-3-032-01799-4_2}},
  volume       = {{15653 LNCS}},
  year         = {{2026}},
}