Hello,
Is there a way to attack the AES first round on CW305. I found an old discussion on the forum explaining a HD attack on the Sakura. The attack compares the ‘previous ciphertext’ with the value of ‘textin XOR kguess’. Will this model work for the CWs AES implementation?
From the simulation it looks like the previous ciphertext gets overwritten by the new textin value.
Regards,
Ali
Hi Ali,
Not sure which thread you’re referring to, but I don’t think that would work on the CW305 or the Sakura G, as from my understanding both load the plaintext then run it through a full round.
The best attack I’m aware of is a chosen plaintext attack detailed here: chipwhisperer-jupyter/courses/sca201/Lab 2_3 - Attacking Across MixColumns.ipynb at main · newaetech/chipwhisperer-jupyter · GitHub.
Alex
Thanks for your reply Alex.
I was referring to this post:
Regards,
Ali
Oh, that thread is just talking about the normal last round state diff leakage model by the end. I believe the original poster was talking about the attack in general and trying it with the normal sbox output model, which doesn’t work well for hardware AES. Colin’s post referring to HD on the first round is that because of the presence of MixColumns, you need to guess 4 bytes at a time, which ChipWhisperer’s software doesn’t support.