Enhance 3DES Smartcard Deep Learning SCA Pipeline

Client: AI | Published: 18.02.2026
Budget: 1500 $

# Project Requirement: Deep Learning Side-Channel Analysis Pipeline for 3DES Smartcards

## Project Overview

We are seeking an experienced security engineer / machine learning specialist to update and correct an existing Deep Learning-based Side-Channel Analysis (SCA) pipeline for Triple-DES (3DES) smartcards. The current pipeline successfully recovers session keys from known-input traces but produces incorrect 3DES keys when applied to blind forensic traces, despite achieving 100% attack success rate.

## Background

The existing pipeline implements a hypothesis-based profiling attack using Multi-Layer Perceptrons (MLP) to extract 3DES session keys (K_ENC, K_MAC, K_DEK) from electromagnetic traces. While the system achieves 100% recovery on standard datasets (Mastercard/Visa with known inputs), it fails to derive correct 3DES keys on blind traces (GreenVisa dataset) where input logs are corrupted or missing.

## Technical Requirements

### Current Implementation Details

- **Target Algorithm**: Triple-DES in Outer CBC mode
- **Attack Model**: Per S-box identity leakage model (16-class classification)
- **Architecture**: 24 independent MLP models (8 per key component)
- **Network Structure**:
  - Input: 100 Points of Interest (POI)
  - Hidden Layer 1: 400 neurons + ReLU + Batch Normalization
  - Hidden Layer 2: 200 neurons + ReLU + Dropout (0.3)
  - Output: 16 neurons + Softmax
- **Optimizer**: Adam (learning rate = 1e-3)
- **Loss Function**: Categorical Crossentropy
- **Pre-processing**: Z-score normalization, Sum of Absolute Differences feature selection

### Current Issue

The pipeline achieves:

- Training accuracy: >99.2%
- Attack success (known inputs): 100% with single trace
- Attack success (blind traces): 100% with single trace (using hypothesis solver)

**However, the recovered 3DES keys for blind traces are cryptographically invalid/incorrect**, despite satisfying internal consistency checks (parity bits, weak-key detection, structural constraints).
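An added example (not part of the posting or the client's codebase) showing why the consistency checks named above cannot establish key correctness: once parity is adjusted, arbitrary values pass parity, weak-key and structural checks. All function names and the seeded sample values are constructed for illustration.

```python
import random

# The four DES weak keys, in odd-parity form.
WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}

def has_odd_parity(key: bytes) -> bool:
    """FIPS 46-3: every key byte carries an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Overwrite the low (parity) bit of each byte so the byte has odd parity."""
    return bytes((b & 0xFE) | ((bin(b >> 1).count("1") + 1) % 2) for b in key)

def structural_failures(bundle: bytes) -> list:
    """Return the names of the consistency checks a 3DES key bundle fails."""
    if len(bundle) not in (16, 24):
        return ["length"]
    parts = [bundle[i:i + 8] for i in range(0, len(bundle), 8)]
    failures = []
    if not has_odd_parity(bundle):
        failures.append("parity")
    if any(p in WEAK_KEYS for p in parts):
        failures.append("weak-key")
    if any(a == b for a, b in zip(parts, parts[1:])):
        failures.append("degenerate")  # K1 == K2 or K2 == K3 collapses to single DES
    return failures

def passing_fraction(n: int, seed: int = 0) -> float:
    """Fraction of n arbitrary 16-byte values that pass once parity is adjusted."""
    rng = random.Random(seed)  # constructed sample data, not real key material
    ok = 0
    for _ in range(n):
        candidate = set_odd_parity(bytes(rng.getrandbits(8) for _ in range(16)))
        ok += not structural_failures(candidate)
    return ok / n

def same_effective_key(a: bytes, b: bytes) -> bool:
    """Compare only the 56 effective bits per DES key; PC-1 discards parity bits."""
    return len(a) == len(b) and all((x ^ y) & 0xFE == 0 for x, y in zip(a, b))

if __name__ == "__main__":
    print(passing_fraction(1000))
```

Because every arbitrary candidate passes, these checks only rule out malformed output; a key is confirmed only by a known-answer test against a plaintext/ciphertext pair, and comparisons against a reference key should ignore parity bits.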
## Required Updates

### 1. **Root Cause Analysis**

- Investigate why recovered keys from blind traces are incorrect despite 100% attack success
- Analyze hypothesis solver's determination of null vector as true input
- Validate S-box collision resolution logic (currently reduces search from 2^48 to 2^8)

### 2. **Pipeline Corrections**

- Fix key derivation logic to ensure cryptographically valid 3DES keys
- Validate key expansion and parity bit handling according to FIPS 46-3
- Implement additional cryptographic consistency checks
- Verify PC-1 and PC-2 permutation operations

### 3. **Blind Input Solver Enhancement**

- Improve hypothesis space exploration beyond null vector assumption
- Implement multiple hypothesis validation with cross-validation
- Add statistical confidence metrics for hypothesis selection
- Consider alternative input values based on APDU context

### 4. **Validation Framework**

- Implement automated cryptographic validation of recovered keys
- Add test vectors for known-key verification
- Create regression test suite with synthetic blind traces
- Develop metrics for key correctness beyond attack success rate

### 5. **Documentation Requirements**

- Document corrected key derivation process
- Provide analysis of why original pipeline failed on blind traces
- Include validation procedures and test results
- Update architecture diagrams and data flow

## Deliverables

1. **Updated Source Code**
   - Corrected Python implementation of the complete pipeline
   - All dependencies and requirements specified
   - Configuration files for both known-input and blind scenarios
2. **Test Suite**
   - Unit tests for cryptographic operations
   - Integration tests on Mastercard/Visa dataset
   - Validation tests on GreenVisa blind dataset
   - Performance benchmarks
3. **Technical Documentation**
   - Detailed explanation of corrections made
   - Analysis of root cause
   - User guide for running pipeline on new datasets
   - API documentation
4. **Validation Report**
   - Demonstration of correct key recovery on blind traces
   - Comparison with original pipeline results
   - Success metrics and confidence intervals

## Qualifications

### Required Skills

- Strong background in side-channel analysis and cryptographic implementations
- Experience with deep learning for security applications (DL-SCA)
- Proficiency in Python and deep learning frameworks (TensorFlow/Keras or PyTorch)
- Understanding of DES/3DES algorithm and key schedule
- Experience with electromagnetic/power trace analysis

### Preferred Qualifications

- Prior work on template attacks or profiling SCA
- Knowledge of smartcard protocols (APDU, ISO/IEC 7816)
- Experience with forensic analysis of secure elements
- Publications in CHES, TCHES, or similar venues

## Application Requirements

Interested freelancers should submit:

1. CV highlighting relevant SCA/DL experience
2. Examples of previous work on cryptographic implementations or side-channel analysis
3. Proposed approach and timeline
4. Estimated budget

## Additional Information

The full dataset (Mastercard profiling, GreenVisa target traces) and current codebase will be provided to the selected candidate. NDA required due to sensitive nature of forensic data.

*Note: This project requires understanding of both cryptographic implementations and modern deep learning techniques. Please only apply if you have demonstrable experience in both domains.*