A Study of Inference-Based Attacks with Neural Network Classifiers

  • Joseph A F Green

Student thesis: Doctoral ThesisDoctor of Philosophy (PhD)


Belief Propagation is a message-passing algorithm used to propagate information in probabilistic graphical models. In 2014 it was shown that, in theory, Belief Propagation can be applied to Side Channel Analysis through an approach in which one can recover information on the secret data of a cryptographic encryption algorithm by observing variations in power consumption or electromagnetic radiation.

In this thesis we explore the viability of such an attack in a real-world scenario and devise implementations to make the approach tractable in terms of its algorithmic and data complexity.

We explore the construction of a factor graph (a bipartite graphical representation) of the AES cryptographic algorithm, showing that not all leakage points are useful in an attack. We propose implementation improvements that significantly reduce its memory overhead. We also provide a method that guarantees convergence at the cost of a small amount of information loss.
We demonstrate that a combination of these proposed methods yields a significantly improved attack in terms of memory complexity and practical runtime.

Neural networks have been applied to assist profiled side channel attacks.
We contribute a new application of neural networks for inference based attacks in which we train networks for the variable nodes existing in the factor graph representation of AES. We show that popular network structures do not guarantee positive results and demonstrate that choice of performance metrics is critical in order to obtain stable results.

Our analysis indicates that there is no 'one size fits all' model.
However, we produce a network that yields reasonable classification across all important intermediates. The results are compared to other profiling methods in two ways: through per-trace classification, and a combined approach using the Belief Propagation algorithm. We observe that the neural network assisted Belief Propagation attack outperforms classical profiling methods such as Gaussian Templating and Linear Discriminant Analysis.
Date of Award28 Nov 2019
Original languageEnglish
Awarding Institution
  • The University of Bristol
SupervisorDaniel Page (Supervisor) & Elisabeth Oswald (Supervisor)


  • Belief Propagation
  • Cryptography
  • Python
  • Side Channel Attacks
  • Deep Learning
  • Machine Learning

Cite this