CW305 - CW Lite 2 CPA Attack Unsuccessful

Hello,

I have implemented a CPA attack on AES running on the CW305 following the procedure described in the NAEAN0010: Power Analysis on FPGA Implementation of AES Using CW305 & ChipWhisperer white paper at NAE0010_Whitepaper_CW305_AES_SCA_Attack.pdf (newae.com). My hardware setup is also exactly the same as described in the white paper and utilizes the CW Lite 2.

I have programmed the CW305 using the provided default impl_100t bitstream verified that my CW305 indeed has a 100t variant, but unfortunately, regardless of however many traces I collect, I am unable to extract the cipher key. I have tried up until 40000 traces with no success.

Attached is the jupyter notebook containing the capture and CPA logic I am using, in addition to various graphs for analyzing CPA results such as PGE as a function of number of traces collected.
CPA_AES.zip (3.1 MB)

It does not seem like the attack is making any progress given an increasing number of traces, so I believe something is wrong and the attack will not improve regardless of the number traces I collect.

I have also tried utilizing last_round_state_diff leakage model instead of sbox_output as described in CW305 CPA Attack not working - Embedded Security / ChipWhisperer Hardware - NewAE Forum.
However, the last_round_state_diff leakage model did not yield a successful attack after 25K traces either.

What is causing CPA to fail like this? Are there any parameters that can be tweaked to improve the attack? Any feedback or suggestions would be greatly appreciated. Thank you.

A few things:

  1. You definitely want the last_round_state_diff leakage model.
  2. Have a look at our CW305 AES demo; it should run successfully out of the box.
  3. I don’t understand your clock setup; you’re driving the PLL0 clock to the X6 SMA, which the CW-lite can’t get. Look at the notebook above for our recommended clocking setup. I suspect this is where the issue lies. Always a good idea to look at the power traces too, it will give you a hint if something is off like this.

Jean-Pierre

Utilizing the last_round_state_diff leakage model along with making the appropriate changes to the clock setup as shown in the notebook provided resolved the issue and the attack now executes successfully. Thank you for the follow up!

Great, thanks for the update! CW305 gives you a lot more clocking options than our other targets, so it’s important to understand them.
Jean-Pierre

1 Like