I am a beginner using Chipwhisperer 1200 pro. I wish to implement various crypto algorithms and perform CPA on those implementations.

I found few crypto algorithms already available in AVRCRYPTOLIB folder. So as an example I have used the present code available and implemented in the XMEGA target. I wish to do CPA on the implemented present cipher.

In default I could find the available leakage models by printing ‘cwa.leakage_models’. Now I wish to know which leakage model should I use for attacking Present cipher. Also, on searching for the details further, I couldn’t find any relevant documents discussing about the suitable leakage models for various algortihms.

In Lab 4_3 - ChipWhisperer Analyzer CPA Attack (MAIN) course it was mentioned that it will be discussed in SCA201 where I couldn’t find related data. So, it would be of great help if you could share the link/details of the related documents on ‘cwa.leakage_models’ and how to choose the needed one for other algorithms in AVRCRYPTOLIB folder.

If you search for “leakage_models” in the sca201 folder, you’ll find them (labs 2_1 and 3_1).

To do a CPA attack on a different cipher, you’ll need to build your own leakage model. Take the time to really understand how the existing leakage models work, using the tutorials.

Thank you @jpthibault for clearing my query and for sharing the needed docs. I will refer the same.

As per my understanding, If I am not wrong,

The provided cwa.leakage_models as below are applicable only for AES. Isn’t it? If I have to perform attack on other crypto algorithms, then I have to write attack codes similar to what is available for AES attack. Is my understanding correct?

after_key_mix:

Hamming weight of 1st round key mix (pt ^ key)

inverse_sbox_output:

Hamming weight of 1st round InvSBox (for decryption)

last_round_state:

Hamming weight of 9th round state (InvSBox output)

last_round_state_diff:

Hamming distance between rounds 9 and 10

last_round_state_diff_alternate:

Hamming distance between rounds 9 and 10 (alternate calculation)

mix_columns_output:

Hamming weight of 1st round mix columns

plaintext_key_xor:

Hamming weight of 1st round key mix (pt ^ key)

round_1_2_state_diff_key_mix:

Hamming distance between initial key mix and round 1 key mix

round_1_2_state_diff_sbox:

Hamming distance between round 1 and round 2 sbox output

round_1_2_state_diff_text:

Hamming distance between AES input and mix columns output

sbox_in_out_diff:

Hamming distance between SBox input and output.

sbox_input_successive:

Hamming distance between 2 AES sbox inputs

sbox_output:

Hamming weight of 1st round SBox output

sbox_output_successive:

Hamming distance between 2 AES sbox outputs

shift_rows_output:

Hamming weight of shift rows output

t_table:

Hamming weight of t-table

t_table_dec:

Hamming weight of inverse t-table

Yes, that’s right on both points.

Thank you… I will proceed further