International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On Loopy Belief Propagation for SASCAs

Authors:
Rishub Nagpal , Graz University of Technology
Gaëtan Cassiers , CryptoExperts, UCLouvain
Robert Primas , Intel Labs
Christian Knoll , Levata GmbH
Franz Pernkopf , Graz University of Technology
Stefan Mangard , Graz University of Technology
Download:
DOI: 10.62056/ayl8ksdja
URL: https://cic.iacr.org/p/1/4/15
Search ePrint
Search Google
Abstract:

Profiled power analysis is one of the most powerful forms of passive side-channel attacks. Over the last two decades, many works have analyzed their impact on cryptographic implementations as well as corresponding countermeasure techniques. To date, the most advanced variants of profiled power analysis are based on Soft-analytical Side-Channel Attacks (SASCA). After the initial profiling phase, a SASCA adversary creates a probabilistic graphical model, called a factor graph, of the target implementation and encodes the results of the previous step as prior information. Then, an inference algorithm such as loopy Belief Propagation (BP) can be used to recover the distribution of a target variable in the graph, i.e., sensitive data/keys.

Designers of cryptographic implementations aim to reduce information leakage as much as possible and assess how much leakage can be allowed without compromising security requirements. Despite the existence of many works on profiled power analysis, it is still notoriously difficult to state under which conditions a cryptographic implementation provides sufficient protection against a profiling attacker with certain capabilities. In particular, it is unknown when a BP-based attack is optimal or whether tuning some heuristics in that algorithm may significant strengthen the attack.

This knowledge gap led us to investigate the effectiveness of BP for SASCAs by studying the modes of failures of BP in the context of the SASCA, and systematically analyzing the behavior of BP on practically-relevant factor graphs. We use exact inference to gauge the quality of the approximation provided by BP. Through this assessment, we show that there exists a significant disparity between BP and exact inference in terms of guessing entropy when performing SASCAs on several classes of factor graphs. We further review and analyze various BP improvement heuristics from the literature.

BibTeX
@article{cic-2025-34908,
  title={On Loopy Belief Propagation for SASCAs},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 4},
  url={https://cic.iacr.org/p/1/4/15},
  doi={10.62056/ayl8ksdja},
  author={Rishub Nagpal and Gaëtan Cassiers and Robert Primas and Christian Knoll and Franz Pernkopf and Stefan Mangard},
  year=2025
}