Hi,
I’m trying to implement the CPA attack in C, so far, here is what I’m doing, hoping this is clear.
Here is where I found some instructions about mounting the attack : Correlation Power Analysis - ChipWhisperer Wiki
1st step
Do enough capture with CW, like for instance 200 or 2000 even.
Write them using Numpy as something a C program can easily parse.
2nd step
After parsing the traces (into a 2D array traces_array[MAX_TRACE][MAX_SAMPLE]) and verifying they have been well saved and are correctly parsed into the array.
I also add a precomputed Hamming weight array, and a function pearson to calculate the coefficient taking 2 one-dimensional arrays and their length as argument.
3rd step
I’ve got a function that computes all the HW necessary for the attack, writes them to an array called hws[MAX_TRACES][MAX_GUESSES].
The hws array is computed by this code :
void HammingWeightCompute(int array[MAX_TRACES][MAX_GUESS]) {
for (int pt_text_index = 0; pt_text_index < TEXT_LENGTH; pt_text_index++) { // TEXT_LENGTH = 16
for (int guess = 0; guess < MAX_GUESS; guess++) { // 256 iterations
for (int pt_trace_index = 0; pt_trace_index < MAX_TRACES; pt_trace_index++) { // MAX_TRACES iterations
array[pt_trace_index][guess] =
Hamming[sbox(plaintext_array[pt_trace_index][pt_text_index], guess)];
}
}
}
}
// This gives us the hws array that is passed onto attack_byte see below
4th step
Then, I pass this array of hamming_weight to a function called attack_byte(trace_array, byte, hws).
Inside this function, I’m trying to compute all the correlation coefficient for one guess/byte and finally return the index of the maximum one in order to guess the right key byte, but I’m having trouble with this part specifically.
My correlation coefficients are all the same for one specific byte, I believe they should be related to the guess, but they’re not.
double attack_byte (int byte, int hws[][MAX_GUESS], double all_traces[][MAX_SAMPLES]) {
double correlations[MAX_GUESS];
double trace[MAX_TRACES];
uint8_t hw[MAX_TRACES];
int best_guess;
// extract from hws the right Hamming Weights
for (int guess = 0; guess < MAX_TRACES; guess++) {
// just in order to check
printf("hw[%d]=%d\n", guess, hws[byte][guess]);
hw[guess] = hws[byte][guess];
}
// extract from all_traces MAX_TRACES sample byte of the i-th trace.
for (int i = 0; i < MAX_TRACES; i++) {
trace[i] = all_traces[i][byte]; // trace i, sample of fixed number "byte"
}
for (int guess = 0; guess < MAX_GUESS; guess++) {
correlations[guess] = pearson (hw, trace, MAX_TRACES);
}
best_guess = find_max_index (correlations, MAX_GUESS);
return best_guess;
Does anyone see, what I’m currently missing, if more code samples are needed, I can provide them, thanks for any help or guidance regarding the current issue.