I’m currently working with the ChipWhisperer Husky using the Google Vault AES core (featuring the LUT-based S-box). While analyzing the provided CPA methodology for this setup, I noticed that the attack appears highly implementation-specific. In particular, it relies on a last-round Hamming Distance leakage model tailored to the single-cycle combinational architecture and LUT-based S-box.
When substituting a different AES implementation, this CPA approach no longer succeeds, which raises a couple of questions:
1. CPA on Alternative AES Implementations
Has anyone successfully performed CPA on ChipWhisperer FPGA targets using AES implementations other than the standard LUT-based Google Vault core?
- What types of implementations did you target (e.g., algebraic S-box, serialized architectures, pipelined designs)?
- Which leakage models (e.g., Hamming Weight, Hamming Distance, transition-based) proved effective?
- How did you adapt your attack methodology to account for architectural differences and varying leakage characteristics?
2. DPA on ChipWhisperer FPGA Targets
Has anyone used Differential Power Analysis (DPA), instead of CPA, on traces collected from ChipWhisperer FPGA platforms such as the CW-Husky?
- Which intermediate values did you target during the attack, and what were the main challenges, and what strategies led to successful key recovery? I tried DPA on with the LUT sbox model, but could not become successful even with more than 1M traces.
Thank you.