Discussions of performing power analysis, techniques, implementations, etc. Does not need to use ChipWhisperer.
#2116 by Ron
Sun Sep 09, 2018 5:11 pm
I see that the CPA attacks (as well as the template based profiling attacks) on the CW303 XMEGA Target are performed using the Hamming weight (HW) model.
I am not sure if the HW model is the best suited, compared to the Hamming Distance (HD) model.

Can someone kindly explain why the HW model is being used for the attack? I would presume that HW is suitable for devices with a pre-charge phase (dynamic logic).

#2123 by Alex_Dewar
Wed Sep 12, 2018 12:47 pm
Hi Ron,

The Hamming Distance is what is being leaked by the microcontroller. The assumption we're making is that the Hamming Weight of the number we're looking for is the same as the Hamming Distance that we're measuring. You're right: the reason this is a valid assumption is that the data lines are all reset/set before they're set to a new value.

#2126 by Ron
Wed Sep 12, 2018 11:36 pm
Thanks for the reply.
However, I am not sure if the microcontrollers are really reset after each clock. Is it not a static CMOS logic implementation?

#2128 by Alex_Dewar
Thu Sep 13, 2018 3:52 pm
Hi Ron,

I believe microcontrollers typically use dynamic CMOS since it's faster and uses fewer transistors than static CMOS. I don't think the attack would even work as is, since the Hamming Distance would also be affected by the input to the XOR (would still be possible, you'd just have to keep track of what you're sending for the analysis).

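The relationship between the two models discussed in this thread, as an added example that is not part of any post: it measures how well a Hamming-weight prediction tracks a simulated Hamming-distance leak for different previous bus states. It assumes a noise-free 8-bit bus whose leak is exactly the number of toggled bits; the function names are hypothetical.

```python
from itertools import product
from math import sqrt

def hw(x):
    """Hamming weight: number of set bits."""
    return bin(x).count("1")

def hd(a, b):
    """Hamming distance: number of bits that toggle going from a to b."""
    return hw(a ^ b)

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy)

def hw_model_fit(prev_states):
    """Correlation between the HW prediction for a new byte and a simulated
    HD leak, taken over every (previous state, new byte) pair."""
    pairs = list(product(prev_states, range(256)))
    leak = [hd(prev, new) for prev, new in pairs]   # assumed leak: toggled bits
    model = [hw(new) for _, new in pairs]           # what the HW model predicts
    return pearson(model, leak)

def scenarios():
    """HW-model fit under four assumptions about the previous bus state."""
    return {
        "bus cleared to 0x00 first": hw_model_fit([0x00]),
        "bus set to 0xFF first": hw_model_fit([0xFF]),
        "constant previous value 0x0F": hw_model_fit([0x0F]),
        "previous value uniform over all bytes": hw_model_fit(range(256)),
    }

if __name__ == "__main__":
    for name, rho in scenarios().items():
        print(f"{name:40s} rho = {rho:+.3f}")
```

With a constant previous state c the correlation works out to 1 - 2*HW(c)/8, so the HW model is exact only when the lines start from all zeros (or, with inverted sign, all ones).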
