Paper 2026/274

From linear regression to generative model for explainable non profiled side-channel attacks

Sana Boussam, Inria Saclay - Île-de-France Research Centre, Institut Polytechnique de Paris, Thales ITSEF (France)
Mathieu Carbone, Thales ITSEF (France)
Benoît Gérard, ANSSI (France)
Guénaël Renault, ANSSI (France), Inria Saclay - Île-de-France Research Centre, Institut Polytechnique de Paris
Gabriel Zaid, CryptoExperts (France)
Abstract

Non profiled side-channel attacks aim at exploiting leakage traces from a targeted embedded system to extract secret information, without a priori knowledge on the true leakage model of the device. To automate and simplify attacks, deep learning techniques have thus been introduced in the side-channel community. Most of the works published have mainly explored the use of discriminative models in the profiled or non profiled context. However, the lack of interpretability and explainability of these models constitutes a major limitation for security laboratory. Indeed, the lack of theoretical results regarding the choice of neural network architectures or the selection of appropriate loss functions poses significant challenges for evaluators seeking to construct a relevant and suitable model for the targeted leakage traces. To address the aforementioned limitations, we propose in this work a novel conditional generative model, specifically designed to carry out non profiled attacks, which is fully interpretable and explainable. To do so, we develop a novel model that fits to the non profiled context. To guarantee the interpretability and explainability of our model, we provide theoretical results to justify both its architecture, and a new loss function for its optimization process. We further propose a key recovery strategy based on our model that requires no leakage model assumptions. As a consequence, our work represents thus the first interpretable and generic (i.e. no a priori knowledge on the leakage model is required) non profiled deep learning-based side-channel attacks. Moreover, to emphasise the benefits of our new model in comparison with conventional linear regression based attack (LRA), we also provide a theoretical comparative analysis on the deterministic part estimation for different Gaussian noise configurations. Finally, we experimentally validate and compare the attack performances of our model with LRA and state-of-the-art discriminative-models-based non profiled attacks using simulations and various publicly available datasets.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Side-Channel AttacksNon profiled attacksGenerative modelsVariational AutoEncoderLinear Regression
Contact author(s)
sana boussam @ inria fr
mathieu carbone @ thalesgroup com
benoit gerard @ ssi gouv fr
guenael renault @ ssi gouv fr
gabriel zaid @ cryptoexperts com
History
2026-02-17: approved
2026-02-16: received
See all versions
Short URL
https://ia.cr/2026/274
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2026/274,
      author = {Sana Boussam and Mathieu Carbone and Benoît Gérard and Guénaël Renault and Gabriel Zaid},
      title = {From linear regression to generative model for explainable non profiled side-channel attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/274},
      year = {2026},
      url = {https://eprint.iacr.org/2026/274}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.