Attack on aes128 modes

Hello everyone, I am a new user and overall beginner in the sca space. I’ve completed sca101 and the beginning of sca201 and I have some questions regarding the attack on other modes of aes128. My question is regarding the leakage model for the different modes. I understand that the sbox_output corresponds to the ECB mode, and I was wondering if for the other modes there are already pre-made models, or will I have to manually add them.

Hi Joao,

The sbox_output isn’t really related to the ECB mode, it has to do with how AES is setup internally (mostly for HW crypto), as well as from what end you need to attack AES from. For example, if we attack the STM32F4’s HWC, the most effective attack is the hamming distance between the input and the output of the last round. You can see a list of leakage models at API — ChipWhisperer 5.6.1 documentation. Keep in mind that not all of these models are useful or usable (i.e. you need to know the key to make the attack work).


Also, if you’re interested in a particular mode, see what you can find in research papers written on SCA on that mode. I think that in general there’s no “one size fits all answer”, because it depends how the mode is used, and how you’re allowed to use it… Take for example AES counter mode, the counter and the nonce do not need to be secret, so if you know what they are for your target, then it’s no different than attacking ECB.

Here’s a couple examples to start you off:
CCM mode:
CTR mode: GitHub - LaurenDM/AttackAESCTR

1 Like

I understand now, I was assuming there was a direct relationship between the leakage model and the encryption mode. Thank you very much for the clarification