ChipWhisperer CPA on AES


#1

Hi,
I would like to ask if there are other pre-processing methods in ChipWhisperer Analyzer (V3.5.1) besides Add Noise, Decimation, Digital Filter and Normalize?

At present, when we are trying to attack a group of hardware AES algorithm keys by CPA, we cannot find the location of AES operation in the captured waveform. It is estimated that the chip has taken protective measures, but we still cannot find the location of AES operation by using several pre-processing methods provided by the ChipWhisperer Analyzer. Therefore, we would like to ask if there are any other pre-processing methods?

The attached figure trace1 is the original waveform after Digital Filter pre-processing. Could you please help to see where the AES operation is located?

Thank you!


#2

Hi, it seems like your image didn’t come through.

Regarding preprocessing methods, https://github.com/newaetech/chipwhisperer/tree/fdd8e691a7385f02b0c16d96f49f61e4736935aa/software/chipwhisperer/analyzer/preprocessing should contain all of the options.

Regarding finding the location of AES, what sort of control do you have over the device? Can you select what data to send to the AES module, or are you only able to view the input or output of AES?

Alex


#3

Hi Alex,
I can select what data to send to the AES module. I know that there is a chip AES operation process in the captured waveform, and there are at least three rounds of AES operation, but I don’t know the specific location, and this AES operation has no result output. Could you give me some other suggestions?
Thanks!