A Side-Channel Attack for Recovering Keys in HMAC-SM3 Algorithm

Zhen Wu^1*Zhiguang Qin¹Kai Wang²

• ¹University of Electronic Science and Technology of China, Chengdu, China
• ²CHINA MERCHANTS GROUP TESTING & CERTIFICATION (CHONGQING) CO. LTD, Chongqing, China

Cyber-Physical-Social Systems(CPSS) face growing side-channel threats, compromising secure data transmission and authentication. As China's national cryptographic hash standard, SM3 is widely used in these systems for identity and data integrity, yet its key-dependent input vulnerabilities remain insufficiently tackled, particularly those exploitable through side-channel attacks. This study addresses critical limitations of traditional side-channel attacks for HMAC-SM3 key recovery: non-profiling approaches fail due to the absence of exploitable plaintext correlations, while profiling-based methods suffer from error accumulation and achieve extremely low success rates in single-trace scenarios . To overcome these bottlenecks, we propose a novel self-calibrating side-channel attack that enables high-accuracy key input recovery for HMAC-SM3 using only a single power trace. The method constructs a Bayesian network to integrate power consumption trace statistics with prior knowledge of input dependencies, employing belief propagation for joint probabilistic inference. The experimental tests showed that key recovery achieved 100% success under simulated noiseless conditions, a success rate of 91.45% on a real smart card system, and remained 73% effective at a signal-to-noise ratio of 10 dB. This paper identifies new security risks for key-bearing objects in Cyber-Physical-Social Systems and provides theoretical foundations for effective countermeasures.