I was wondering whether anyone has broken the SAM4L target? If so, could you please point me to the leakage model that worked for you?
After some trial and error, I went looking around online for tips to point me in the right direction. I found Colin’s overlords paper (https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2018/us-18-OFlynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards.pdf), which suggests round-to-round leakage (round 2 to round 3 specifically mentioned), in approx. 3000 traces without any countermeasures enabled.
- I tried the HD last state round diff (and the alternate version), and round 1 to round 2 key add attack scripts with 10k traces. This was very unsuccessful.
- Given the results above, and the reference to round 2 to round 3 in Colin’s paper, I thought this might have been a suggestion that this round specifically was what needed to be attacked. I tried this by adopting the code for the key round attack and having it step a round deeper into the algorithm. This was unsuccessful.
- I would have thought that the key diffusion steps of the algorithm would prevent a sub-key attack between rounds with mixcols in play, as we do not know the correct adjacent sub-keys it uses for diffusion? If this assumption is correct, then how would this attack be approached, or is it indeed not really very possible / practical?
Big thanks for any help.