CPA Points of Interest

I followed the tutorial (PA_HW_CW305_1-Attacking_AES_on_an_FPGA) to implement the CPA attack, but I cannot get the whole key correct when I use CPA to attack 32-bit AES. Not being able to just use CPA on non-128-bit AES may have something to do with how the CPA algorithm decides points of interest.

attack = cwa.cpa(project, cwa.leakage_models.last_round_state_diff)

I am confused about how this line of code determines which point in the power trace is the point of interest required by the CPA algorithm.

I searched for some information in /software/chipwhisperer/analyzer/attacks.
In AES128_8bit.py, the leakage model gives us the Hamming distance. I don’t think it has anything to do with points of interest, but maybe I’m wrong.
In progressive.py, it uses different traces to get output stats, but I don’t understand how it figures out points of interest in the power trace.

Any suggestions would be appreciated.

Hi,

The only selection of “points of interest” in a CPA attack is just selecting the point with the highest correlation. I’d recommend running through courses/sca101, in particular Lab 4_2, as it explains how CPA attacks work. It also does all the calculations through numpy, so it’s much more explicit than using Analyzer.

Also, when you say 32-bit AES, do you mean doing AES via T-Tables, or AES-256?

Thanks for your suggestion. I referenced PA_HW_CW305_1-Attacking_AES_on_an_FPGA earlier because I was learning to use the CW305 at the same time. I neglected other tutorials on CPA, but I will learn more about how the CPA attack works.

Sorry I didn’t explain clearly. That is for 128-bit AES, and the data path is 32-bit. Its power trace is shown below; each round does the S-boxes 4 times, which is why I want to understand how the CPA attack algorithm analyzes the power trace.

Is this a software or hardware AES implementation? Do you mean that, each cycle, 4 of the 16 bytes are processed, or something else?

For a hardware AES implementation, power analysis information is usually most visible when that information is stored in internal registers. It also leaks in the form of a difference between the last two states of that internal register. For the normal CW305 bitstream, the AES state is stored at the end of each round. This, plus the absence of MixColumns, is why we attack using the last_round_state_diff leakage model.
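
Added example, not part of the thread and not ChipWhisperer's own code: a pure-Python CPA on constructed traces that shows what the replies above describe, correlating a last-round register Hamming-distance model against every sample and taking the highest correlation as the point of interest. It assumes a row-0 state byte (untouched by ShiftRows, so one ciphertext byte is enough); `simulate`, `leak_model`, `centred`, the key byte and the leak position are hypothetical names and values.

```python
import math, random

def build_inv_sbox():
    """AES inverse S-box, generated instead of typed in as a table."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1
    for _ in range(255):  # 3 generates every non-zero element of GF(2^8)
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                    # q /= 3
            q ^= q << s
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv

INV_SBOX = build_inv_sbox()
HW = [bin(v).count("1") for v in range(256)]

def leak_model(ct_byte, guess):
    """Hamming distance between the round-9 byte and the ciphertext byte that overwrites it."""
    return HW[INV_SBOX[ct_byte ^ guess] ^ ct_byte]

def simulate(key_byte, n_traces=200, n_samples=30, leak_at=17, seed=1):
    """Constructed traces: Gaussian noise at every sample, register leakage at one."""
    rng = random.Random(seed)
    cts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [[rng.gauss(0, 1) for _ in range(n_samples)] for _ in cts]
    for tr, ct in zip(traces, cts):
        tr[leak_at] += leak_model(ct, key_byte)
    return cts, traces

def centred(v):
    """Mean-removed copy of v and its Euclidean norm."""
    m = sum(v) / len(v)
    c = [x - m for x in v]
    return c, math.sqrt(sum(x * x for x in c))

def cpa(cts, traces):
    """Return (|corr|, guess, sample) maximised over all 256 guesses and all samples."""
    cols = [centred(col) for col in zip(*traces)]  # one column per sample point
    best = (0.0, 0, 0)
    for guess in range(256):
        h, h_norm = centred([leak_model(ct, guess) for ct in cts])
        for t, (col, c_norm) in enumerate(cols):
            r = abs(sum(a * b for a, b in zip(h, col)) / (h_norm * c_norm))
            best = max(best, (r, guess, t))
    return best
```

Calling `cpa(*simulate(0x2B))` returns the recovered key byte together with the sample index where the correlation peaked; no sample is chosen in advance.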