DeePar-SCA: Breaking Parallel Architectures of Lattice Cryptography via Learning Based Side-Channel Attacks

Furkan Aydin, Priyank Kashyap, Seetal Potluri, Paul Franzon, and Aydin Aysu
North Carolina State University, Raleigh NC 27606, USA
{faydn,pkashya2,spotlur2,paulf,aaysu}@ncsu.edu

Abstract. This paper proposes the first deep-learning based side-channel attacks on post-quantum key-exchange protocols. We target hardware implementations of two lattice-based key-exchange protocols, Frodo and NewHope, and analyze power side-channels of the security-critical arithmetic functions. The challenge in applying side-channel attacks stems from the single-trace nature of the protocols: each new execution will use a fresh and unique key, limiting the adversary to a single power measurement. Although such single-trace attacks are known, they have been so far constrained to sequentialized designs running on simple microcontrollers. By using deep-learning and data augmentation techniques, we extend those attacks to break parallelized hardware designs, and we quantify the attack's limitations. Specifically, we demonstrate single-trace deep-learning based attacks that outperform traditional attacks such as horizontal differential power analysis and template attacks by up to 900% and 25%, respectively. The developed attacks can therefore break implementations that are otherwise secure, motivating active countermeasures even on parallel architectures for key-exchange protocols.

Keywords: Deep-Learning · Power side-channels · Lattice-based key-exchange protocols.

1 Introduction

Key-exchange protocols enable computers to communicate over a public, insecure channel by establishing a secure session key. Lattice-based key-exchange protocols are versatile post-quantum alternatives, which have already found industry adoption even prior to the National Institute of Standards and Technology (NIST) post-quantum standardization.
Google's Chrome Canary web browser, e.g., used NewHope, a post-quantum key-exchange (PQKE) protocol, to provide a quantum-secure connection [9].

While lattice-based cryptography provides efficient implementations and quantum resilience, its implementations have shown vulnerability against power side-channel attacks (SCAs) in the context of public-key encryption or digital signatures [3,16,32,37]. These attacks exploit the correlation between the power consumption of a cryptographic device and the secret-key dependent computations. Conventional attacks such as differential power analysis (DPA) find the secret key by extracting this small correlation from noise through collecting a large number of traces. DPA on PQKE protocols is, however, impractical because these protocols generate a new secret key for each key-exchange session. Therefore, the attacker is limited to a single power measurement for applying the SCA.