Paper 2026/301

Blind Leakage: Rethinking Deep Learning-based Non-Profiled Side-Channel Analysis

Abstract

Deep Learning-based Non-profiled Side-Channel Analysis (DL-NSCA) enables automated feature extraction and obviates the need for a profiling device. However, existing methods mostly rely on leakage from non-linear operations and require prior knowledge of the target algorithm and its plaintexts/ciphertexts, which restricts their applicability to black-box scenarios and proprietary implementations. Motivated by the ubiquity of plaintext-key XOR operations in cryptographic algorithms, this paper presents a new SCA perspective based on leakage from linear operations to enable cross-algorithm attacks. We first theoretically demonstrate that leakage from invertible linear operations, referred to as blind leakage, introduces two symmetric maxima of the correlations between key guesses and leakage (one for non-blind leakage), rendering existing distinguishers ineffective. To address this issue, we then propose a distinguisher, VS-GBA, applicable to both blind and non-blind leakage, and improve its robustness using a Gaussian Borda voting scheme. Experimental results on a high-noise ARM Cortex-M4 device demonstrate that our method enables effective cross-algorithm attacks on masked AES, ASCON, and PRESENT, and outperforms non-blind leakage attacks. Furthermore, attacking XTS-AES demonstrates that blind leakage exploitation extends the boundaries of DL-NSCA to scenarios where plaintexts/ciphertexts are XORed with a tweak.