Hi everyone,
I’m currently developing an attack on a binary‐field ECC core using the ChipWhisperer CW305 interface. So far I’ve:
- Implemented my own ECC core and integrated it with the CW305 platform
- Defined the curve parameters and configured trace capture
- Successfully captured power traces and read back register values (the printed trace data matches expectations)
However, I’m unsure about how ADC samples and clock cycles relate:
- When I print
scope.adc.trig.count, I get a value of 2. Does this mean my core only takes two clock cycles to complete?
- How do I determine how many ADC samples I actually need, and whether I should apply an offset?
- What’s the proper way to align my analysis window so I’m pointing at the right portion of each trace?
I am still learning about chipwhisperer and python coding, so need help in understanding few things.
Could you help me understand how to calculate clock cycles and ADC sample counts, and how to align my capture window correctly?
The documentation is pretty clear on this. Modify your core so that it raises the trigger line when it starts, then lowers it when it’s done; then you can use scope.adc.trig_count to know how long the trigger was high.
For all your other questions about clock cycles: since this is your own core that you’re trying to attack, this is easy because you can cheat! Just run a simulation to learn exactly when your core is doing what you’re interested in looking at.
Thank you for the link, it helped a lot.
About the trigger though, does that mean that the trigger line must be high throughout till the operation is complete??
As per the documentation, scope.adc.trig_count will tell you how many cycles the trigger was high for. The rest is up to you.
Thank you for your help.
I am trying to understand the verilog of ECC. Does the top module send and receive 256 bits at once? From what I understand, 32 bits are processed at once, so every time there is a “rdy” signal next word is sent. But the rdy is also used to signal when the multiplication is done. So is the 256 bits sent at once, stored in a BROM till completion, or Does the chipwhisperer send only 32 bits at once?
No processing is done until all 256 bits are sent.
To understand how the core functions, I recommend you run a simulation and look at the waveform (go to firmware/fpgas/ecc/sim; run make DUMP=1).
Keep in mind that we didn’t design this core, so we won’t be able to answer detailed questions about its functioning.