Hardships with using a custom FPGA target

Greetings!

I have been struggling the last weeks with attempts to perform an attack on a different kind of target than the usually provided UFO targets. I use a ChipWhisperer-Lite to perform the attack.

This is my target: Arrow/Everest/Polarfire devboard

The FPGA is configured as a RISC-V architecture and features some memories and JTAG + UART communications. The PMOD outputs have been configured to match IO1-4 for TX, RX and Trigger purposes. The clock is set as 25MHz at the Target and clock source is externalx4 to push the ADC to 1MS/s and manage the Nyquist x2 criteria.

I have been measuring across the 0 Ohm resistor right of the buttons. This is supposed to go directly from the voltage regulator to the core voltage.

The RISC-V is currently running a simple one-time pad operation between key and plaintext (using volatile to prevent optimizations) and right now I am trying to perform a CPA attack such as in course 4. The power hypothesis is then the plain Hamming weight of pt XOR k.

However, I only get around 50% of the bits correctly guessed and I think it could be from poor triggering and noise from the LTM4649EY#PBF. I take around 50 traces and filter the noise from the stepdown regulator by using correlation and a high pass filter. The traces have some huge disturbances from the regulator that after correlation and averaging look better, but the rate of success is the same as guessing.

Previously I have tested measuring on a Pullup/Pulldown point close to the FPGA and there I had the same issue of noise from the regulators and it is further away from the computational voltage.

Would be happy with all hints and pointers, since this is my master thesis and I am horribly stuck and behind schedule-wise.

Hi,

Are you trying to use the 0-ohm resistor as a shunt? If so, I don’t think that will suffice as a shunt - you will need to replace it with a larger value resistor.

Additionally, have you removed all decoupling capacitors from the low side of the shunt resistor?

Alex

Also - the PT XOR K result is normally not great, it’s a bit of a last resort.

Before you spend too much time - I’d try and get a TVLA test working. This will tell you right away if there is leakage or not, and should be step 1 for your setup!
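A minimal fixed-vs-random TVLA check (Welch's t-test per sample point) of the kind suggested above, as an added example that is not part of the original thread or of any ChipWhisperer code. The traces are constructed with an HW(pt XOR key) leak at one sample, and `simulate_trace` and `capture_sets` are hypothetical stand-ins for a real capture loop; 4.5 is the conventional TVLA bound on |t|.

```python
import math
import random
from statistics import fmean, variance

THRESHOLD = 4.5  # conventional TVLA bound on |t|

def hw(x):
    return bin(x).count("1")

def welch_t(fixed, rand):
    """Welch's t-statistic per sample point between two sets of traces."""
    t = []
    for a, b in zip(zip(*fixed), zip(*rand)):  # iterate over sample points
        se = math.sqrt(variance(a) / len(a) + variance(b) / len(b))
        t.append((fmean(a) - fmean(b)) / se if se else 0.0)
    return t

def leaking_points(fixed, rand, threshold=THRESHOLD):
    """Sample indices where the fixed and random sets differ significantly."""
    return [i for i, t in enumerate(welch_t(fixed, rand)) if abs(t) > threshold]

def simulate_trace(rng, pt, key, gain, n_samples=40, leak_at=17, noise=0.5):
    """Constructed trace: Gaussian noise plus gain * HW(pt ^ key) at one sample."""
    trace = [rng.gauss(0.0, noise) for _ in range(n_samples)]
    trace[leak_at] += gain * hw(pt ^ key)
    return trace

def capture_sets(n_per_set, gain, seed=1):
    """Stand-in for a capture loop (hypothetical): interleaved fixed/random inputs."""
    rng = random.Random(seed)
    key, fixed_pt = 0xFE, 0x00  # constructed values; HW(fixed_pt ^ key) = 7
    fixed, rand = [], []
    for _ in range(n_per_set):
        fixed.append(simulate_trace(rng, fixed_pt, key, gain))
        rand.append(simulate_trace(rng, rng.randrange(256), key, gain))
    return fixed, rand

if __name__ == "__main__":
    for gain in (0.2, 0.0):  # 0.0 models a measurement point that sees no leakage
        fixed, rand = capture_sets(500, gain)
        print(f"gain={gain}: leaking sample points {leaking_points(fixed, rand)}")
```

With a pure Hamming-weight leak, a fixed input whose intermediate has the same weight as the random-set average (4 for one byte) produces no first-order mean difference, so the fixed plaintext should be chosen with that in mind.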

Thank you for the quick reply.

I had hoped that the real ~0.5 ohm value would be sufficient, but I will now try to replace it. I did not remove the capacitors since the datasheet for the XMEGA UFO target kept a capacitor to ground, but I will also try this. UFO Target

What value of resistor would you say is reasonable for a ~1V core voltage?

Thank you for the quick reply.

Good remark on the power hypothesis, I will try the TVLA test instead.

I did map the Hamming weight for different multiplied values before and since the pattern is symmetric for different combinations I guessed the result would be less accurate, but somewhat indicating that there was leakage. I am still mind-blown by how powerful the CPA attacks were and my probing setup is not the best yet for taking a large amount of traces and I hoped it could work its magic on this setup also. :wink:

If it’s 0.5ohms, then that should be fine. The capacitors will get rid of all your power trace info. The cap you see on the XMEGA is on the high side of the shunt, where it affects the power measurements much less.

We do have a full FPGA target: https://rtfm.newae.com/Targets/CW305%20Artix%20FPGA.html. Its schematic may be helpful to you.

Alex

I have now tried to remove the capacitors from the FPGA. With no capacitors the card detected a fault in voltage and disconnected. Therefore I still have one left. This still leaves me with the same issues, larger power variances and unusable signals even after filtering.
However I am planning to remove the 1.05V connection altogether and instead add a stable clean voltage from a separate power source and add a bit larger or more controlled resistance.
Do you also think it could help to cut down the SMA cable and directly solder it to the test pads after getting measurements to reduce parasitics?

Honestly, you might find more success using something like an H-Field probe: https://rtfm.newae.com/Tools/CW505%20Planar%20H-Field%20Probe.html, as that will let you measure current and avoid using a shunt/removing the decoupling capacitors altogether.

Not having those decoupling capacitors there is pretty essential if you’re trying to do a shunt measurement, as those capacitors’ purpose is to filter out high frequency changes on the Vcc pin (which is exactly what you’re trying to measure). You might actually find it better to use a smaller shunt resistor to attempt to avoid instability on the voltage pin.

Feel free to chime in if you’ve got anything to add @coflynn