Existing power analysis techniques rely on strong adversary models with prior knowledge of the leakage or training data. We introduce side-channel analysis with unsupervised learning (SCAUL) that can recover the secret key without requiring prior knowledge or profiling (training). We employ an LSTM auto-encoder to extract features from power traces with high mutual information with the data-dependent samples of the measurements. We demonstrate that by replacing the raw measurements with the auto-encoder features in a classical DPA attack, the efficiency, in terms of required number of measurements for key recovery, improves by 10X. Further, we employ these features to identify a leakage model with sensitivity analysis and multi-layer perceptron (MLP) networks. SCAUL uses the auto-encoder features and the leakage model, obtained in an unsupervised approach, to find the correct key. On a lightweight implementation of AES on Artix-7 FPGA, we show that SCAUL is able to recover the correct key with 3,700 power measurements with random plaintexts, while a DPA attack requires at least 17,400 measurements. Using misaligned traces, with an uncertainty equal to 20 percent of the hardware clock cycle, SCAUL is able to recover the secret key with 12,300 measurements while the DPA attack fails to detect the key.

中文翻译：

---

SCAUL：无监督学习的功率侧信道分析

现有的功率分析技术依赖于具有泄漏或训练数据先验知识的强大对手模型。我们通过无监督学习 (SCAUL) 引入侧信道分析，无需先验知识或分析（训练）即可恢复密钥。我们使用 LSTM 自动编码器从具有高互信息的功率轨迹中提取特征，并使用测量的数据相关样本。我们证明，通过在经典 DPA 攻击中用自动编码器功能替换原始测量值，就密钥恢复所需的测量次数而言，效率提高了 10 倍。此外，我们利用这些特征来识别具有敏感性分析和多层感知器 (MLP) 网络的泄漏模型。SCAUL 使用自动编码器功能和泄漏模型，以无监督方法获得，以找到正确的密钥。在 Artix-7 FPGA 上的轻量级 AES 实现中，我们表明 SCAUL 能够使用随机明文进行 3,700 次功率测量恢复正确的密钥，而 DPA 攻击至少需要 17,400 次测量。使用未对齐的轨迹，不确定性等于硬件时钟周期的 20%，SCAUL 能够通过 12,300 次测量恢复密钥，而 DPA 攻击无法检测到密钥。