Attacking Serial_based AES on an FPGA

I’d like to attack a serial_based AES using the “PA_HW_CW305_1-Attacking_AES_on_an_FPGA.ipynb” from the Archive.
But I get the following error:
AssertionError: Incorrect encryption result!

Is there anything that is needed to be changed for a serial AES in the process of capturing traces?


A few questions:

  1. What do you mean by serial AES?
  2. If you’re using a custom bitstream, have you verified that it works?
  3. Are you using the same AES key as we use in that tutorial?
  4. Have you changed what registers in the FPGA things are stored in?


Hey :slight_smile:
Thank you for your reply.

  1. The AES which the plaintext and the key are loaded byte-wise to the module
  2. how can I verify that? I generated the bitstream using Vivado ( cw305_top as the top module )
  3. I didn’t modify anything in the tutorial but the bitstream
  4. Yeah, I modified my registers too.

The code in the CW305 demo should print what the ciphertext and expected ciphertext are. What do they print in your case?


AssertionError: Incorrect encryption result!
Got array(‘B’, [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
Exp [208, 202, 4, 78, 213, 104, 43, 181, 75, 95, 121, 178, 203, 94, 162, 61]

Yeah, either you’re not reading from the correct address on the FPGA (try using
or there’s something wrong with your bitstream (i.e. your design doesn’t work).

I don’t really know much about FPGA development, so I won’t be able to help you much there. I believe Vivado has a simulator you can use to help debug your design.


1 Like

We also provide a very basic testbench that you can easily run with “make” here:

You’ll have to install iverilog (and gtkwave to look at waveforms).
Of course you’ll have to adapt the testbench for any changes you’ve made to the target design.
1 Like

Thank you for your replies. I managed to capture the traces by updating the cw_top level file.
( I added an always block to read the plaintext and key text and also pass the ciphertext)