I am a beginner using Chipwhisperer 1200 pro. I wish to implement various crypto algorithms and perform CPA on those implementations.
I found few crypto algorithms already available in AVRCRYPTOLIB folder. So as an example I have used the present code available and implemented in the XMEGA target. I wish to do CPA on the implemented present cipher.
In default I could find the available leakage models by printing ‘cwa.leakage_models’. Now I wish to know which leakage model should I use for attacking Present cipher. Also, on searching for the details further, I couldn’t find any relevant documents discussing about the suitable leakage models for various algortihms.
In Lab 4_3 - ChipWhisperer Analyzer CPA Attack (MAIN) course it was mentioned that it will be discussed in SCA201 where I couldn’t find related data. So, it would be of great help if you could share the link/details of the related documents on ‘cwa.leakage_models’ and how to choose the needed one for other algorithms in AVRCRYPTOLIB folder.
If you search for “leakage_models” in the sca201 folder, you’ll find them (labs 2_1 and 3_1).
To do a CPA attack on a different cipher, you’ll need to build your own leakage model. Take the time to really understand how the existing leakage models work, using the tutorials.
Thank you @jpthibault for clearing my query and for sharing the needed docs. I will refer the same.
As per my understanding, If I am not wrong,
The provided cwa.leakage_models as below are applicable only for AES. Isn’t it? If I have to perform attack on other crypto algorithms, then I have to write attack codes similar to what is available for AES attack. Is my understanding correct?
after_key_mix:
Hamming weight of 1st round key mix (pt ^ key)
inverse_sbox_output:
Hamming weight of 1st round InvSBox (for decryption)
last_round_state:
Hamming weight of 9th round state (InvSBox output)
last_round_state_diff:
Hamming distance between rounds 9 and 10
last_round_state_diff_alternate:
Hamming distance between rounds 9 and 10 (alternate calculation)
mix_columns_output:
Hamming weight of 1st round mix columns
plaintext_key_xor:
Hamming weight of 1st round key mix (pt ^ key)
round_1_2_state_diff_key_mix:
Hamming distance between initial key mix and round 1 key mix
round_1_2_state_diff_sbox:
Hamming distance between round 1 and round 2 sbox output
round_1_2_state_diff_text:
Hamming distance between AES input and mix columns output
sbox_in_out_diff:
Hamming distance between SBox input and output.
sbox_input_successive:
Hamming distance between 2 AES sbox inputs
sbox_output:
Hamming weight of 1st round SBox output
sbox_output_successive:
Hamming distance between 2 AES sbox outputs
shift_rows_output:
Hamming weight of shift rows output
t_table:
Hamming weight of t-table
t_table_dec:
Hamming weight of inverse t-table
Yes, that’s right on both points.
Thank you… I will proceed further