Table of contents

Description

  • Speaker

    Lorenzo CASALINO - CentraleSupélec

Deep neural networks (DNNs) undergo lengthy and expensive training procedures whose outcome - the DNN weights - represents a significant intellectual property asset to protect.

Side-channel analysis (SCA) has recently appeared as an effective approach to recover this confidential asset of DNN implementations.

Ding et al. (HOST’25) introduced MACPRUNING, a novel SCA countermeasure based on pruning, a performance-oriented Approximate Computing technique: at inference time, the implementation randomly prunes (or skips) non-important weights (i.e., with low contribution to the DNN’s accuracy) of the first layer, exponentially increasing the side-channel resilience of the protected DNN implementation.

In this presentation, we describe a preprocessing methodology taking advantage of a control-flow dependency intrinsic to the countermeasure's design.

Through practical experiments, we demonstrate the effectiveness of our methodology, recovering up to 96% of the important weights of a MACPruning-protected Multi-Layer Perceptron.
Moreover, we show how microarchitectural leakage improves the effectiveness of our methodology, even allowing for the recovery of up to 100% of the targeted non-important weights.
Lastly, by adapting our methodology, we elaborate on how the pruning mechanism, which depends on the importance of the weights, enables the circumvention of a control-flow-free MACPRUNING implementation.

With this last point, we identify the pruning mechanism underlying MACPRUNING as the root of the countermeasure’s vulnerability.

Practical infos

Next sessions

  • Sécurité physique du mécanisme d'encapsulation de clé Classic McEliece

    • March 20, 2026 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Brice Colombier - Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne

    Le mécanisme d'encapsulation de clé Classic McEliece faisait partie des candidats toujours en lice au dernier tour du processus de standardisation de la cryptographie post-quantique initié par le NIST en 2016. Fondé sur les codes correcteurs d'erreurs, en particulier autour du cryptosystème de Niederreiter, sa sécurité n'a pas été fondamentalement remise en cause. Néanmoins, un aspect important du[…]

    • SemSecuElec

    • Implementation of cryptographic algorithm

  • Protection des processeurs modernes face à la vulnérabilité Spectre

    • April 24, 2026 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Herinomena ANDRIANATREHINA - Inria

    Dans la quête permanente d'une puissance de calcul plus rapide, les processeurs modernes utilisent des techniques permettant d'exploiter au maximum leurs ressources. Parmi ces techniques, l'exécution spéculative tente de prédire le résultat des instructions dont l'issue n'est pas encore connue, mais dont dépend la suite du programme. Cela permet au processeur d'éviter d'être inactif. Cependant,[…]

    • SemSecuElec

    • Micro-architectural vulnerabilities

Show previous sessions
Page top