I’m trying to attack a specific AES engine that I have on my Artix-7 FPGA. I’m using the PA_HW_CW305_1-Attacking_AES_on_an_FPGA Jupyter tutorial, but instead of

```python
leak_model = cwa.leakage_models.last_round_state_diff
```

I’m trying to implement a new model that will fit my engine. Instead of one round per cycle, in my engine there are two rounds per cycle, which means, if I understand correctly, that the HD last round diff model shouldn’t work because it’s assuming the trace measurement is done between the 9th round and 10th round. So, what I should do is implement a HD model between the 8th round and the 10th.
- Is that correct so far?
- My model didn’t work and I’m trying to figure out why; maybe I’m implementing it wrong. This is my code; if you could review it and give me some advice, that would be very much appreciated.

```python
import chipwhisperer.analyzer as cwa

class Round8Round10StateDiff(cwa.AESLeakageHelper):
    name = 'HD: AES Round8 out to Round10 out (last round out) State diff'

    def leakage(self, pt, ct, key, bnum):
        key9 = self.key_schedule_rounds(key, 0, 9)
        key10 = self.key_schedule_rounds(key, 0, 10)
        st10 = ct
        state = [ct[i] ^ key10[i] for i in range(0, 16)]  # inv Add round key round 10
        state = self.inv_shiftrows(state)                 # inv shift rows round 10
        state = self.inv_subbytes(state)                  # inv sub bytes round 10
        state = [ct[i] ^ key9[i] for i in range(0, 16)]   # inv Add round key round 9
        state = self.inv_mixcolumns(state)                # inv mix columns round 9
        state = self.inv_shiftrows(state)                 # inv shift rows round 9
        state = self.inv_subbytes(state)                  # inv sub bytes round 9
        st8 = state
        return (st8[bnum] ^ st10[bnum])

leak_model = cwa.leakage_models.new_model(Round8Round10StateDiff)
```

.....
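
A two-round inverse like the one in this post can be checked against a forward AES-128 with a known key before it is used as a leakage model. The following is an added example, not part of the original post and not ChipWhisperer code; it is pure Python, all function names are hypothetical, and it uses the FIPS-197 Appendix C.1 test vector.

```python
# Added example (assumption: AES-128, state byte index = 4*col + row); names are hypothetical.
from functools import reduce
from operator import xor

def xtime(a):  # multiply by x in GF(2^8)
    return ((a << 1) ^ 0x11B) if a & 0x80 else a << 1
def gmul(a, b):
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), xtime(a), b >> 1
    return r
def _sbox(x):  # multiplicative inverse followed by the affine map
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    return reduce(xor, (((inv << s) | (inv >> (8 - s))) & 0xFF for s in range(5))) ^ 0x63
SBOX = [_sbox(x) for x in range(256)]
INV_SBOX = [SBOX.index(x) for x in range(256)]

def shift_rows(s, d=1):  # d=1 forward, d=-1 inverse
    return [s[4 * ((c + d * r) % 4) + r] for c in range(4) for r in range(4)]
def mix(s, coef):  # coef = first row of the circulant (Inv)MixColumns matrix
    return [reduce(xor, (gmul(coef[(k - r) % 4], s[4 * c + k]) for k in range(4)))
            for c in range(4) for r in range(4)]

def expand_key(key):  # returns round keys rk[0..10]
    w, rcon = list(key), 1
    while len(w) < 176:
        t = w[-4:]
        if len(w) % 16 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        w += [a ^ b for a, b in zip(w[-16:-12], t)]
    return [w[i:i + 16] for i in range(0, 176, 16)]

def encrypt_rounds(pt, rk):  # out[r] = state after round r (out[0] = after initial ARK)
    out = [[p ^ k for p, k in zip(pt, rk[0])]]
    for r in range(1, 11):
        s = shift_rows([SBOX[b] for b in out[-1]])
        s = mix(s, [2, 3, 1, 1]) if r < 10 else s  # no MixColumns in round 10
        out.append([a ^ k for a, k in zip(s, rk[r])])
    return out
def round8_from_ct(ct, rk):  # undo round 10, then round 9, each step on the running state
    s = [INV_SBOX[b] for b in shift_rows([c ^ k for c, k in zip(ct, rk[10])], -1)]
    s = mix([a ^ k for a, k in zip(s, rk[9])], [14, 11, 13, 9])
    return [INV_SBOX[b] for b in shift_rows(s, -1)]

# FIPS-197 Appendix C.1 vector (known key, so this is a validation harness only)
KEY, PT = bytes(range(16)), bytes.fromhex("00112233445566778899aabbccddeeff")
RK = expand_key(KEY)
STATES = encrypt_rounds(PT, RK)
```

With the key known, `round8_from_ct(STATES[10], RK)` should equal `STATES[8]`; a leakage function whose inverse rounds fail this comparison is computing a different intermediate than the one it is named for.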