Assistance with Side-Channel Attacks on FPGA Cipher Implementations

I am using an oscilloscope on a CW305 to perform a side-channel attack and capture the traces during the encryption. However, our professor suggested using the bitstream that you can find in this GitHub repository: ahmedbouzid07/PowerAnalysis
The problem is that we are facing this error:

---------------------------------------------------------------------------
AssertionError                            Traceback (most recent call last)
Cell In [1], line 76
     74 cipher = AES.new(bytes(key), AES.MODE_ECB)  # Initialize cipher for verification
     75 expected_ciphertext = cipher(bytes(text))
---> 76 assert list(ciphertext) == list(expected_ciphertext), \
     77     f"Incorrect encryption result! Got {ciphertext} Exp {list(expected_ciphertext)}"
     79 # Capture power trace
     80 trace = capture_trace()  # Capture the power trace using the oscilloscope

AssertionError: Incorrect encryption result! Got bytearray(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') Exp [44, 169, 241, 9, 192, 204, 136, 218, 71, 208, 52, 236, 133, 221, 218, 219]

The notebook in that repository shows a lot of errors occurring before the error you show here; you need to sort out the errors in the order in which they occur, starting with this one:
(ChipWhisperer Target ERROR|File CW305.py:365) target.REG_CRYPT_KEY unset. Have you given target a verilog defines file?

When you connect to the target in the way you are doing:
target = cw.target(None, cw.targets.CW305, force=True, bsfile=bitstreamfile)

you also need to explicitly provide a defines_file=[...] argument pointing to where the target registers are defined.
If you were only given a bitstream, that’s not enough: you also need the Verilog register definitions.

Thank you for your response. The FinalCode.ipynb was not structured well enough to clearly identify the error we encountered, which is why I created a simplified notebook to better investigate the encryption issue. In the same repository, we included the new bitstream we intend to use. This bitstream was designed to implement a triggering mechanism that allows the oscilloscope to capture traces using the external trigger port.

The problem we’ve been facing since the beginning with the CW305 is that when we use a bitstream file, the encryption does not work correctly (producing incorrect results). However, without the bitstream file, the encryption functions properly. The encryption function used can be found in the init.py file in the repository, specifically at line 517.
As you mentioned in your response, and as demonstrated in the testCode.ipynb, we need to add a defines_file for the target registers. The notebook suggests adding the cw305_defines.v file, but none of the files used to generate the bitstream contains a file with that name. Instead, I used the files from this repository, along with three additional files provided by my professor:

  1. cw305_interface.vhd
  2. cw305_top.v
  3. xls_test.sv.

The cw305_interface.vhd file defines a hardware module called cw305_interface, which is primarily used for interfacing and controlling cryptographic operations via an instance of the xls_test component. The xls_test.sv file is a custom hardware implementation of the AES encryption module written in Verilog.

Given this setup, my questions are:

  • Which files should be passed in the defines_file list?
  • Why does the target fail to perform encryption correctly when a bitstream is used, while it works without it?

Thank you in advance for your assistance!

Because ChipWhisperer doesn’t know how to “talk” to this bitfile, because it hasn’t been given the defines file.

You’re asking the wrong person! That’s a question for your professor. The reason is that when you want to write a key or plaintext to the target, ChipWhisperer needs to know the register addresses to write these to.

BTW the error at the end of the notebook here is because you’re comparing a bytearray to a list. You may well have the correct result. Good luck with your assignment!
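
The point made in the replies above, that the host can only write a key or plaintext once it knows the register addresses, can be checked before connecting to the board. The following is an added example, not code from the thread or from ChipWhisperer: it parses Verilog `define lines into a name-to-address map and reports which registers are missing. The sample text, its addresses and every register name other than REG_CRYPT_KEY are assumptions.

```python
import re

# Constructed sample in the style of a Verilog defines file; the addresses
# are illustrative and do not come from the bitstream discussed in the thread.
SAMPLE_DEFINES = """
// register map (constructed sample)
`define REG_CRYPT_GO        'h05
`define REG_CRYPT_TEXTIN    'h06   // plaintext input
`define REG_CRYPT_CIPHEROUT 8'h09
`define REG_CRYPT_KEY       'h0a
`define PIPELINE_DEPTH      4
`define USE_TRIGGER
"""

# Assumed set of registers a capture script touches; only REG_CRYPT_KEY is
# named in the error message quoted in the thread.
REQUIRED = ("REG_CRYPT_KEY", "REG_CRYPT_TEXTIN", "REG_CRYPT_GO", "REG_CRYPT_CIPHEROUT")

_DEFINE = re.compile(r"^\s*`define\s+(\w+)\s+(\S+)")
_LITERAL = re.compile(r"^\d*'([hdbo])([0-9a-f_]+)$", re.IGNORECASE)
_BASE = {"h": 16, "d": 10, "b": 2, "o": 8}


def parse_verilog_int(token):
    """Return the value of a literal such as 'h0a, 8'h0A, 'd10 or 12, else None."""
    m = _LITERAL.match(token)
    if m:
        try:
            return int(m.group(2).replace("_", ""), _BASE[m.group(1).lower()])
        except ValueError:  # digit not valid for the stated base
            return None
    return int(token) if token.isdecimal() else None


def parse_defines(text):
    """Map each `define NAME VALUE with a numeric value to {NAME: int}."""
    regs = {}
    for line in text.splitlines():
        m = _DEFINE.match(line.split("//", 1)[0])  # drop trailing comment
        value = parse_verilog_int(m.group(2)) if m else None
        if value is not None:
            regs[m.group(1)] = value
    return regs


def missing_registers(regs, required=REQUIRED):
    """List required register names that the defines text did not provide."""
    return [name for name in required if name not in regs]
```

Running missing_registers(parse_defines(text)) on the candidate file's contents before opening the target shows up front whether the register the error message names is defined.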

Thank you very much @jpthibault!