Changes in AES C code to make HD model work


#1

Hey Colin,
I was running the built-in CPA attack on AES-128 using ChipWhisperer 4.0.2 on the XMEGA target.
It exposed the key with the default power model (HW). However, changing to HD didn’t succeed in exposing the key (still the built-in implementation, with the only change being: leak_model = AES128_8bit( SBoxInOutDiff )).
I am trying to make modifications to the C code of the AES implementation in the SubByte step in order to make the HD model work successfully.
I saw different implementations of AES in your folders, and when compiling the file in ‘victims\firmware\simpleserial-aes’ according to your guide, I saw that the files compiled are from ‘firmware\crypto\avrcryptolib\aes’.

The C code of the SubByte step there is:
    void aes_enc_lastround(aes_cipher_state_t* state,const aes_roundkey_t* k){
        uint8_t i;
        /* subBytes */
        for(i=0; i<16; ++i){
            state->s[i] = pgm_read_byte(aes_sbox+state->s[i]);
        }

I’d like to make sure that I understood correctly:
a) ‘pgm_read_byte(aes_sbox+state->s[i])’ is the Sbox output
b) ‘state->s[i]’ is the Sbox input

What changes should I apply to the C code to make this attack work on the HD between the Sbox input and Sbox output? Or is there another way you suggest to do that?

I’ve been stuck on this for a long time, so I’d appreciate your help very much.
Thank you!


#2

I’m not Colin but I can try to answer!
Yes, you’re understanding the code correctly.
What is your goal in using the HW model, since the HD model is successful?
In this case, I believe that the applicability of one model or the other is determined by the underlying transistor-level hardware and there’s not much you can do to the C code to change that.

This has been covered on this forum, e.g. here and here.

If your goal is to better understand the theory behind the models and attacks, I recommend this book.
You can also find tons of freely available academic papers on the subject, e.g. this one.

Hope this helps,
Jean-Pierre