4

I am trying to implement the correlation power analysis attack. I have a hardware AES for which I found a trigger which defines the start of the AES calculations. After that I performed an EM curves acquisition.

It is the first time that I have some traces so I have some questions about my trace:

  1. According to my trace, the x-axis is the time and the y-axis is the energy consumption. Is there any software that helps me to plot my trace more clearly and make them more comprehensive?

  2. It is clear that I have some noise in my trace. So how to avoid that noise? which type of filter must do? Must I use a low pass filter or a high pass filter, I need to see my 10 rounds clearly to analyse? What are the steps that I must take?

  3. Why there are an important possibility to make our attack in the first and last round of the AES?

  4. Some explanation about CPA:'We can use the Hamming Distance model in our CPA attacks. If we can find a point in the encryption algorithm where the victim changes a variable from x to y, then we can estimate that the power consumption is proportional to Hamming Distance(x, y)' I really don't understand the relation between the CPA and the hamming distance. Can anybody explain?

  5. Is there any software that helps me to make my CPA, given my curves?

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
nani92
  • 133
  • 8
  • 1
    Importantly: is that the trace a single event, the average of several acquisitions, or the result of some computation? Do you have any clue about what the spike at 5700 is? What's the X unit? This article might help. The following article used to be nice, but seems to have lost its images part 1 part 2 part 3. – fgrieu Feb 06 '17 at 16:35
  • I've reformatted your question. Note that Q1 and Q5 are off topic here. – Maarten Bodewes Feb 06 '17 at 17:03
  • 3
    What does your graph even show? If the Y axis is some sort of power equivalent, and the X axis is time, you can extract the power at each clock pulse and thereby know the 0, 1 count. BTW, it helps if you know about the hardware because the two times I've looked at this, once the key was loaded in serially from a cleared 128-bit register. You could easily see each bit. – b degnan Feb 06 '17 at 18:51

1 Answers1

3

Answer to the 1st and 5th question :

For the CHES 2016 (Cryptographic Hardware and Embedded Systems), a video has been made to explain how to perform a CPA. There is a wiki associated to the video and the code of the attack is available on it.

Answer to the 2nd question :

For a CPA, you don't need to use a filter : increase the number of measure (number of AES that you perform) should be enough to find the key. Furthemore, you only need to see the round that you attack to find the key.

Answer to the 3rd question :

You can find the answer on the topic of crypto stack exchange named "What is the difference between perfoming Correlation Power Analysis (CPA) in the first AES round and doing it in the last round?".

Answer to the 4th question :

The Hamming weight model is a basic power model which is based on the assumption that the amount of power consumed is proportional to the number of bits that are logic '1' during an operation. Typically, if you initialize a variable to the value of Sbox[x ^ y], the consumption used will be correlated to the number of bytes set to 1 in this value. For more information about it, see the .pdf available online : "Differential Power Analysis attacks on AES" from Kevin Meritt.

e-sushi
  • 17,891
  • 12
  • 83
  • 229
kingsjester
  • 161
  • 2
  • 8