Minhui Jin,Mengce Zheng,Honggang Hu,Nenghai Yu

DOI: https://doi.org/10.48550/arXiv.2009.08898

2020-09-18

Abstract:In recent years, the convolutional neural networks (CNNs) have received a lot of interest in the side-channel community. The previous work has shown that CNNs have the potential of breaking the cryptographic algorithm protected with masking or desynchronization. Before, several CNN models have been exploited, reaching the same or even better level of performance compared to the traditional side-channel attack (SCA). In this paper, we investigate the architecture of Residual Network and build a new CNN model called attention network. To enhance the power of the attention network, we introduce an attention mechanism - Convolutional Block Attention Module (CBAM) and incorporate CBAM into the CNN architecture. CBAM points out the informative points of the input traces and makes the attention network focus on the relevant leakages of the measurements. It is able to improve the performance of the CNNs. Because the irrelevant points will introduce the extra noises and cause a worse performance of attacks. We compare our attention network with the one designed for the masking AES implementation called ASCAD network in this paper. We show that the attention network has a better performance than the ASCAD network. Finally, a new visualization method, named Class Gradient Visualization (CGV) is proposed to recognize which points of the input traces have a positive influence on the predicted result of the neural networks. In another aspect, it can explain why the attention network is superior to the ASCAD network. We validate the attention network through extensive experiments on four public datasets and demonstrate that the attention network is efficient in different AES implementations.

Cryptography and Security

Yun Xiang,Yongchao Xu,Yingjie Li,Wen Ma,Qi Xuan,Yi Liu

DOI: https://doi.org/10.1109/tcsii.2020.3012005

2021-01-01

Abstract:Deep neural networks are becoming increasingly popular. However, they are also vulnerable to adversarial attacks. The existing attack methods include white-box attack and black-box attack. The white-box attack assumes full model knowledge while the black-box one assumes none. In this brief, we propose a novel attack method between these two. Specifically, we have made the following contributions: (1) we propose the gray-box attack, which utilizes the side-channel attack to predict the model structure based on a pre-trained classifier and (2) we validate our method on real-world experiments. The experimental results show that our gray-box attack can significantly outperform the existing techniques.

Pengfei He,Ying Zhang,Han Gan,Jianfei Ma,Hongxin Zhang

DOI: https://doi.org/10.1016/j.compeleceng.2024.109515

IF: 4.152

2024-01-01

Computers & Electrical Engineering

Abstract:One widely utilized attack technique for side-channel attacks is deep learning. However, the efficiency of deep learning attacks can be impacted by the differences in data collected from various devices or environmental conditions. These differences arise from factors such as hardware discrepancies, environmental noise, and countermeasures. Such differences can disrupt the correlation between the leaked information from the target device during operations and sensitive data, leading to failures in the attacks. In order to better extract the feature information and temporal information of traces in this challenge, we propose an Attention Mechanism and Multi-Scale Convolutional Neural Network (AMCNNet). The critical components of the AMCNNet are the multi-scale convolution module and the feature extraction module. The multi-scale convolution module extracts feature of different scales from traces, improving the network's ability to capture high-level meanings and details. Then, the feature extraction module dynamically weights and rescales the features to better captures the long-term dependencies in the traces.. Through experiments conducted on publicly available datasets such as DPA Contest v4, ASCAD, and AES_HD, as well as analyzing the guessing entropy, the experimental results demonstrate that the network exhibits strong generalization capability and robustness across datasets with diverse features.

Amjed Abbas Ahmed,Mohammad Kamrul Hasan,Shayla Islam,Azana Hafizah Mohd Aman,Nurhizam Safie

DOI: https://doi.org/10.5755/j02.eie.33995

2023-09-07

Elektronika ir Elektrotechnika

Abstract:Deep learning (DL) is a new option that has just been made available for side-channel analysis. DL approaches for profiled side-channel attacks (SCA) have dominated research till now. In this attack, the attacker has complete control over the profiling device and can collect many traces for a range of critical parameters to characterise device leakage before the attack. In this study, we apply DL algorithms to non-profiled data. An attacker can only retrieve a limited number of side-channel traces from a closed device with an unknown key value in non-profiled mode. The authors conducted this research. Key estimations and deep learning measurements can reveal the secret key. We prove that this is doable. This technology is excellent for non-profits. DL and neural networks can benefit these organisations. Neural networks can provide a new technique to verify the safety of hardware cryptographic algorithms. It was recently suggested. This study creates a non-profiled SCA utilising convolutional neural networks (CNNs) on an AVR microcontroller with 8 bits of memory and the AES-128 cryptographic algorithm. We used aligned power traces with several samples to demonstrate how challenging CNN-based SCA is in practise. This will help us reach our goals. Here is another technique to create a solid CNN data set. In particular, CNN-based SCA experiment data and noise effects are examined. These experiments employ power traces with Gaussian noise. The CNN-based SCA works well with our data set for non-profiled attacks. Gaussian noise on power traces causes many more issues. These results show that our method can recover more bytes successfully from SCA compared to other methods in correlation power analysis (CPA) and DL-SCA without regularisation.

engineering, electrical & electronic

Wenye Liu,Chip-Hong Chang,Fan Zhang

DOI: https://doi.org/10.1109/tifs.2020.3046858

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deep neural network (DNN) accelerators overcome the power and memory walls for executing neural-net models locally on edge-computing devices to support sophisticated AI applications. The advocacy of “model once, run optimized anywhere” paradigm introduces potential new security threat to edge intelligence that is methodologically different from the well-known adversarial examples. Existing adversarial examples modify the input samples presented to an AI application either digitally or physically to cause a misclassification. Nevertheless, these input-based perturbations are not robust or surreptitious on multi-view target. To generate a good adversarial example for misclassifying a real-world target of variational viewing angle, lighting and distance, a decent number of target’s samples are required to extract the rare anomalies that can cross the decision boundary. The feasible perturbations are substantial and visually perceptible. In this paper, we propose a new glitch injection attack on DNN accelerator that is capable of misclassifying a target under variational viewpoints. The glitches injected into the computation clock signal induce transitory but disruptive errors in the intermediate results of the multiply-and-accumulate (MAC) operations. The attack pattern for each target of interest consists of sparse instantaneous glitches, which can be derived from just one sample of the target. Two modes of attack patterns are derived, and their effectiveness are demonstrated on four representative ImageNet models implemented on the Deep-learning Processing Unit (DPU) of FPGA edge and its DNN development toolchain. The attack success rates are evaluated on 118 objects in 61 diverse sensing conditions, including 25 viewing angles (−60° to 60°), 24 illumination directions and 12 color temperatures. In the covert mode, the success rates of our attack exceed existing stealthy adversarial examples by more than 16.3%, with only two glitches injected into ten thousands to a million cycles for one complete inference. In the robust mode, the attack success rates on all four DNNs are more than 96.2% with an average glitch intensity of 1.4% and a maximum glitch intensity of 10.2%.

Guanlin Li,Chang Liu,Han Yu,Yanhong Fan,Libang Zhang,Zongyue Wang,Meiqin Wang

DOI: https://doi.org/10.48550/arXiv.2008.00476

2020-08-02

Cryptography and Security

Abstract:The side-channel attack is an attack method based on the information gained about implementations of computer systems, rather than weaknesses in algorithms. Information about system characteristics such as power consumption, electromagnetic leaks and sound can be exploited by the side-channel attack to compromise the system. Much research effort has been directed towards this field. However, such an attack still requires strong skills, thus can only be performed effectively by experts. Here, we propose SCNet, which automatically performs side-channel attacks. And we also design this network combining with side-channel domain knowledge and different deep learning model to improve the performance and better to explain the result. The results show that our model achieves good performance with fewer parameters. The proposed model is a useful tool for automatically testing the robustness of computer systems.

Yanbin Li,Jiajie Zhu,Zhe Liu,Ming Tang,Shougang Ren

DOI: https://doi.org/10.1109/tifs.2024.3350375

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:While side-channel attacks (SCAs) have become a significant threat to cryptographic algorithms, masking is considered as an effective countermeasure against SCAs. On the one hand, securely implementing the scheme is a challenging and error-prone task. It is essential to detect leakage in a complicated cryptographic circuit. However, the traditional method of leakage detection is always inaccuracy or time consumption. On the other hand, the deep learning-based power attacks have shown their threat to the masking without combining functions. Compared to the leakage detection done under the traditional provable security framework, the security evaluation against deep learning-based attacks at the pre-silicon stage has not been discussed. To this end, this paper investigates the strategies of leveraging the deep learning techniques to achieve an efficient leakage location method. In this paper, we present the first approach utilizing deep learning-based leakage location for both unprotected and protected implementations at the pre-silicon stage. Firstly, we propose the leakage location method named Gradient Visualization-based location (GVL), which provides leakage location at the different levels of design. Gradient visualization is known as a sensitivity analysis method to understand better how a natural network can learn to predict the sensitive label based on the input. We theoretically show how the gradient visualization can be used to locate leakage components in the netlist efficiently. Moreover, we link the result with the metric in deep learning-based leakage assessment, which fills the lack of leakage evaluation at the pre-silicon stage against deep learning-based SCAs. We further confirm the effectiveness of the proposed method on unprotected implementation, low entropy masked implementation, and provable secure masked implementation. The results show that the proposed methodology outperforms the traditional location methods in the masked cases, where the time consumption is reduced by about 2x to 10x with fewer false negatives and no false positives.

computer science, theory & methods,engineering, electrical & electronic

Guang Yang,Huizhong Li,Jingdian Ming,Yongbin Zhou

DOI: https://doi.org/10.1007/978-3-030-15462-2_1

2018-01-01

Abstract:Profiled attacks play a fundamental role in the evaluation of cryptographic implementation worst-case security. For the past sixteen years, great efforts have been paid to develop profiled attacks from Template Attacks to deep learning based attacks. However, most attacks are performed in time domain - may lose frequency domain information. In this paper, to utilize leakage information more effectively, we propose a novel deep learning based side-channel attack in time-frequency representations. By exploiting time-frequency patterns and extracting high level key-related features in spectrograms simultaneously, we aim to maximize the potential of convolutional neural networks in profiled attacks. Firstly, an effective network architecture is deployed to perform successful attacks. Secondly, some critical parameters in spectrogram are studied for better training the network. Moreover, we compare Template Attacks and CNN-based attacks in both time and time-frequency domain with public datasets. The heuristic results in these experiments provide a new perspective that CNN-based attacks in spectrograms give a very feasible option to the state-of-the-art profiled attacks.

Runlian Zhang,Minghui Hou,Wentao Cheng,Xiaonian Wu

DOI: https://doi.org/10.1145/3665348.3665388

2024-01-01

Abstract:Aiming at the problem of model construction and feature extraction optimization in deep learning side channel attacks, a model construction method combining attention mechanism and densely connected convolutional network is proposed, and the model is used to carry out side channel attacks. The attention mechanism combines channel attention and spatial attention, which helps to the proposed model effectively select sample points with high signal-to-noise ratio in the traces and assign weights, and then the feature extraction ability of the proposed model is improved. Furthermore, the densely connected convolutional network makes the enhanced features clearer and transmission of gradients more effective through dense connections, which would improve the training effect of the model. The tested results on four public data sets of the AES algorithm show that, compared with the existing deep learning side-channel attack models, the attention mechanism can effectively improve the feature extraction ability of the proposed model, so that the model have more adaptable to different datasets, then the number of traces needed to complete key recovery is reduced.

Junyi Wei,Yicheng Zhang,Zhe Zhou,Zhou Li,Mohammad Abdullah Al Faruque

DOI: https://doi.org/10.1109/dsn48063.2020.00031

2020-01-01

Abstract:Machine learning has been attracting strong interests in recent years. Numerous companies have invested great efforts and resources to develop customized deep-learning models, which are their key intellectual properties. In this work, we investigate to what extent the secret of deep-learning models can be inferred by attackers. In particular, we focus on the scenario that a model developer and an adversary share the same GPU when training a Deep Neural Network (DNN) model. We exploit the GPU side-channel based on context-switching penalties. This side-channel allows us to extract the fine-grained structural secret of a DNN model, including its layer composition and hyper-parameters. Leveraging this side-channel, we developed an attack prototype named MosConS, which applies LSTM-based inference models to identify the structural secret. Our evaluation of MosConS shows the structural information can be accurately recovered. Therefore, we believe new defense mechanisms should be developed to protect training against the GPU side-channel.

Pei Cao,Chi Zhang,Xiangjun Lu,Dawu Gu,Sen Xu

DOI: https://doi.org/10.1109/tifs.2022.3216959

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In recent years, deep learning techniques have received significant attention in the side-channel community due to their state-of-the-art performance in profiled attacks against embedded devices. Compared with template attacks, deep learning-based attacks can deal with the high dimensionality of trace and misalignment without pre-processing. However, the performance of attacks is very sensitive to the network architecture, especially when considering masking countermeasures. Although previous works have shown the potential of neural networks to break the first-order masking, the inner-working of how the network combines the leakage of mask and masked value is still unclear and could be suboptimal. To reduce this gap, we propose to embed product combination, which has been proved to be the best combination function in noisy situations, into the design of neural networks. To this end, we introduce a bilinear convolutional neural network (in short, B-CNN) for efficient profiled attacks against the widely used masking countermeasure. In order to interpret the inner-working and decision-making of B-CNN, we propose a new visualization tool called layer-wise correlation that can reveal the points of interest and help to understand the combination of leakages. We evaluate our networks on several public datasets, e.g., ASCAD and CHES CTF 2018. The results indicate that B-CNN converges significantly faster than classic CNN models, even using a very limited number of profiling traces (e.g., 8000 profiling traces for the ASCAD dataset). Moreover, our networks perform even systematically better (w.r.t. the number of attack traces) than the current state-of-the-art results on all the investigated datasets.

Qiang Zhou,Baolei Mao,Maoyuan Qin,Wei Hu,Fanfei Meng,Mingzhu Fang

DOI: https://doi.org/10.1109/iccc59590.2023.10507675

2023-01-01

Abstract:Side-channel attacks have been proven to be effective for retrieving secret keys by exploiting implementation vulnerabilities in encryption function. In recent years, deep learning techniques have been integrated into profiled side-channel attacks to achieve outstanding results. However, most state-of-the-art work only conducts attacks under ideal conditions where the profiling device (template device) and the target device are identical. The profiling traces are from the profiling device and the attack traces are from the target device. Unfortunately, constructing a template device is challenging and a flawed template device will lead to discrepancies between the profiling and the target devices. This inconsistent data distribution and discrepancies hamper the profiled SCA. To address these issues, we propose a domain generalization-based side-channel attack architecture called DGSCA. Especially, We simulate a scenario where the acquisition of target data is challenging and can’t be used for model training. Initially, we combine the Deep CORAL method with Mixup to deserve domain invariant representations across source domains. Subsequently, we integrate meta-learning into the DGSCA framework to enhance the model’s generalization ability, which is accomplished by randomly partitioning the source and target domains and leveraging the knowledge gained from the source domain to improve the attack result in the target domain. Moreover, we implement four different deep learning models (MLP, CNN, ResNet, DenseNet) and evaluate the DGSCA framework using the publicly available ASCAD dataset. The experimental results on the ASCAD desynchronous dataset show that our method successfully recovers the key within 1665 traces and demonstrate the scalability and generality of our proposed framework.

Ngoc‐Tuan Do,Van‐Phuc Hoang,Van Sang Doan,Cong‐Kha Pham

DOI: https://doi.org/10.1049/ise2.12102

2022-12-22

IET Information Security

Abstract:This paper proposes and evaluates the applications of different DL techniques including the Convolutional Neural Network (CNN) and the multilayer perceptron (MLP) models for non‐profiled attacks on the AES‐128 encryption implementation. Along with the designed models, a dataset reconstruction and labelling technique for the proposed model has also been performed for solving the high dimension data and imbalanced dataset problem. As a result, the DL‐based SCA with our reconstructed dataset for different targets of ASCAD, RISC‐V microcontroller, and ChipWhisperer boards has achieved a higher performance of non‐profiled attacks. The experimental results have clarified that the exponential linear unit (ELU) function is better than the rectified linear unit (ReLU) in taking the correct key with the presence of the Gaussian noise. In modern embedded systems, security issues including side‐channel attacks (SCAs) are becoming of paramount importance since the embedded devices are ubiquitous in many categories of consumer electronics. Recently, deep learning (DL) has been introduced as a new promising approach for profiled and non‐profiled SCAs. This paper proposes and evaluates the applications of different DL techniques including the Convolutional Neural Network and the multilayer perceptron models for non‐profiled attacks on the AES‐128 encryption implementation. Especially, the proposed network is fine‐tuned with different number of hidden layers, labelling techniques and activation functions. Along with the designed models, a dataset reconstruction and labelling technique for the proposed model has also been performed for solving the high dimension data and imbalanced dataset problem. As a result, the DL based SCA with our reconstructed dataset for different targets of ASCAD, RISC‐V microcontroller, and ChipWhisperer boards has achieved a higher performance of non‐profiled attacks. Specifically, necessary investigations to evaluate the efficiency of the proposed techniques against different SCA countermeasures, such as masking and hiding, have been performed. In addition, the effect of the activation function on the proposed DL models was investigated. The experimental results have clarified that the exponential linear unit function is better than the rectified linear unit in fighting against noise generation‐based hiding countermeasure.

computer science, information systems, theory & methods

Xiang Li,Ning Yang,Aidong Chen,Weifeng Liu,Xiaoxiao Liu,Na Huang

DOI: https://doi.org/10.1007/978-981-19-8445-7_7

2022-01-01

Abstract:Since the beginning of the 21st century, modern information technology and electronic integrated circuit technology have developed rapidly. In the chip industry, the ability to resist side-channel attacks has become an important indicator for international mainstream evaluation agencies to evaluate chip security. This paper proposes an improved method for side channel analysis based on the CNNbest model, incorporating a lightweight combined channel and space convolutional attention module, optimising the position of the attention module, improving the learning efficiency of key features of the power consumption curve, and effectively reducing the number of traces used by the attack model. The addition of dropout layer network structure solves the problem that the model is prone to rapid overfitting. The optimal value of drop rate is sought through comparative experiments to speed up the convergence of the model and reduce the number of traces required for a successful attack. The experimental results show that the number of traces required by the method in this paper for side-channel attacks is reduced by 88% compared with the original model, which significantly improves the attack performance and can meet the requirements of side-channel modeling and analysis.

Lingxiao Wei,Bo Luo,Yu Li,Yannan Liu,Qiang Xu

DOI: https://doi.org/10.48550/arXiv.1803.05847

2018-03-05

Computer Vision and Pattern Recognition

Abstract:Deep learning has become the de-facto computational paradigm for various kinds of perception problems, including many privacy-sensitive applications such as online medical image analysis. No doubt to say, the data privacy of these deep learning systems is a serious concern. Different from previous research focusing on exploiting privacy leakage from deep learning models, in this paper, we present the first attack on the implementation of deep learning models. To be specific, we perform the attack on an FPGA-based convolutional neural network accelerator and we manage to recover the input image from the collected power traces without knowing the detailed parameters in the neural network. For the MNIST dataset, our power side-channel attack is able to achieve up to 89% recognition accuracy.

Tang, Ming

DOI: https://doi.org/10.1007/s10207-024-00874-4

2024-06-26

International Journal of Information Security

Abstract:Deep Learning-based Side-Channel Analysis (DL-SCA) has emerged as a powerful method in the field of side-channel analysis. Current works on DL-SCA primarily rely on publicly available datasets, which typically consist of well-organized and well-aligned training and attack sets. However, this disregards the challenges faced in real-world attacks, where the attack traces are not well-aligned with the training traces as attackers have different levels of control over profiling and attack devices. A network that is capable of identifying areas of leakage and subsequently predicting the leaked values can bypass such difficulty. Therefore, we proposed Arbitrary Trace Attacks, which are placed under the flexible scenario that provides training traces and attack traces with arbitrary sizes. To implement such attacks, we present the Arbitrary Convolutional Neural Network (ACNN), which scans the input trace of arbitrary sizes for leakage area identification and leakage value prediction using a sliding window. Experimental evaluation is conducted on two datasets DPAv4.2 and ASCAD to verify the effectiveness of our approach on unprotected and masked implementation respectively. As a result, the target leakage areas are detected with a significant frequency and the key recovery performance is on par with state-of-the-art. Moreover, the trained model shows the potential for detecting leakage in a general context, that is, detecting leakage of key bytes other than the target one.

computer science, information systems, theory & methods, software engineering

Han Qiu,Yi Zeng,Qinkai Zheng,Tianwei Zhang,Meikang Qiu,G. Memmi

2020-01-01

Abstract:Deep Neural Networks (DNNs) are well-known to be vulnerable to Adversarial Examples (AEs). A large amount of efforts have been spent to launch and heat the arms race between the attackers and defenders. Recently, advanced gradient-based attack techniques were proposed (e.g., BPDA and EOT), which have defeated a considerable number of existing defense methods. Up to today, there are still no satisfactory solutions that can effectively and efficiently defend against those attacks. In this paper, we make a steady step towards mitigating those advanced gradient-based attacks with two major contributions. First, we perform an in-depth analysis about the root causes of those attacks, and propose four properties that can break the fundamental assumptions of those attacks. Second, we identify a set of operations that can meet those properties. By integrating these operations, we design two preprocessing functions that can invalidate these powerful attacks. Extensive evaluations indicate that our solutions can effectively mitigate all existing standard and advanced attack techniques, and beat 11 state-of-the-art defense solutions published in top-tier conferences over the past 2 years. The defender can employ our solutions to constrain the attack success rate below 7% for the strongest attacks even the adversary has spent dozens of GPU hours.

Yoo-Seung Won,Xiaolu Hou,Dirmanto Jap,Jakub Breier,Shivam Bhasin

DOI: https://doi.org/10.1109/tifs.2021.3076928

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deep learning approaches have become popular for Side-Channel Analysis (SCA) in the recent years. Especially Convolutional Neural Networks (CNN) due to their natural ability to overcome jitter-based as well as masking countermeasures. Most of the recent works have been focusing on optimising the performance on given dataset, for example finding optimal architecture and using ensemble, and bypass the need for trace pre-processing. However, trace pre-processing is a long studied topic and several proven techniques exist in the literature. There is no straightforward manner to integrate those techniques into deep learning based SCA. In this paper, we propose a generic framework which allows seamless integration of multiple, user defined pre-processing techniques into the neural network architecture. The framework is based on Multi-scale Convolutional Neural Networks ( $mathsf {MCNN}$ ) that were originally proposed for time series analysis. $mathsf {MCNN}$ are composed of multiple branches that can apply independent transformation to input data in each branch to extract the relevant features and allowing a better generalization of the model. In terms of SCA, these transformations can be used for integration of pre-processing techniques, such as phase-only correlation, principal component analysis, alignment methods, etc. We present successful results on generic network which generalizes to different publicly available datasets. Our findings show that it is possible to design a network that can be used in a more general way to analyze side-channel leakage traces and perform well across datasets.

computer science, theory & methods,engineering, electrical & electronic

Yohaï-Eliel Berreby,Laurent Sauvage

2023-09-23

Abstract:Over the past few years, deep learning has been getting progressively more popular for the exploitation of side-channel vulnerabilities in embedded cryptographic applications, as it offers advantages in terms of the amount of attack traces required for effective key recovery. A number of effective attacks using neural networks have already been published, but reducing their cost in terms of the amount of computing resources and data required is an ever-present goal, which we pursue in this work. We focus on the ANSSI Side-Channel Attack Database (ASCAD), and produce a JAX-based framework for deep-learning-based SCA, with which we reproduce a selection of previous results and build upon them in an attempt to improve their performance. We also investigate the effectiveness of various Transformer-based models.

Cryptography and Security,Artificial Intelligence

Marvin Staib,Amir Moradi

DOI: https://doi.org/10.46586/tches.v2023.i3.422-444

2023-06-09

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:With the breakthrough of Deep Neural Networks, many fields benefited from its enormously increasing performance. Although there is an increasing trend to utilize Deep Learning (DL) for Side-Channel Analysis (SCA) attacks, previous works made specific assumptions for the attack to work. Especially the concept of template attacks is widely adapted while not much attention was paid to other attack strategies. In this work, we present a new methodology, that is able to exploit side-channel collisions in a black-box setting. In particular, our attack is performed in a non-profiled setting and requires neither a hypothetical power model (or let’s say a many-to-one function) nor details about the underlying implementation. While the existing non-profiled DL attacks utilize training metrics to distinguish the correct key, our attack is more efficient by training a model that can be applied to recover multiple key portions, e.g., bytes. In order to perform our attack on raw traces instead of pre-selected samples, we further introduce a DL-based technique that can localize input-dependent leakages in masked implementations, e.g., the leakages associated to one byte of the cipher state in case of AES. We validated our approach by targeting several publicly available power consumption datasets measured from implementations protected by different masking schemes. As a concrete example, we demonstrate how to successfully recover the key bytes of the ASCAD dataset with only a single trained model in a non-profiled setting.