In recent years, Side-Channel Attacks Assisted with Machine Learning aka SCAAML have been proven a very effective approach to carry-out side-channel attacks even against the toughest hardware cryptographic implementations in a semi-automatic manner.

Building on this line of work, this talk showcases how to take it a step further and demonstrates how to combine the recent advances in deep-learning explainability with dynamic execution to quickly assess which parts of a hardware cryptographic implementation are responsible for leaking the information exploited by a given side-channel attack.

Through a concrete example, TinyAES in STM32F4 , we will demo how our tool SCALD (Side-Channel Attack Leak Detector) implements this approach. SCALD is able to accurately trace back the origin of the leakage to the exact CPU instructions / lines of code responsible for it.