I am planning to do a small demo to a class of high school students and looking for setups to do a textbook RSA power analysis demo where I extract the decryption key from the square and multiply algorithm.
I heard that chipwhisperer Nano couldn’t fit an RSA implementation inside but I was wondering if it would be possible if I went with RSA1024 instead of 2048.
What would be the cheapest setup to perform such a demo?
MBEDTLS doesn’t use square and multiply, it uses a sliding window, so the AVRCRYPTOLIB SPA attack won’t work on it. Also the RSA implementation that we run is already RSA-1024, though I don’t think there’s anything in the source code that stops you from going lower. IIRC there is a part of the code that checks for leading zeros in the key that you can do side channel off of, but I’m not sure if that’s what you’re looking for in your demo.
If you have access to an oscilloscope (or are willing to buy a Nano to go with this) and are comfortable with a soldering iron, you could hack up an Arduino board or some other ATMega based board to make it suitable for side channel.
Thanks for the information.
The specific attack I would like to have is a full private key recovery in RSA. Is it not possible to write a vulnerable textboox implementation myself and run it in the existing STM32F0 board on the Nano?
For your last suggestion, if I use a different target board and solder probes to the power pins, what would be the main advantage of using the chipwhispere Nano over an oscilloscope?
I am quite new about these stuff so I am sorry if these are very trivial questions. Thanks again.
Sure, definitely possible, though it might be a bit of work. I haven’t tried to implement RSA before, so I’m not sure how much time/effort this would be.
The Nano can sample synchronously, meaning it can clock its ADC off the same clock as the target. This helps a lot with CPA, though it may not be as useful for an SPA attack. It’s worth noting that it isn’t sufficient to simply connect to the power pins of the device, you’ll need some way of measuring current into the device (so something like a shunt resistor), as well as removing decoupling capacitors.
This tutorial is for glitching, but it’s a good example of what hardware mods you need for side channel: chipwhisperer-jupyter/courses/faultapp1/LPC1114_Fuse_Bypass.ipynb at main · newaetech/chipwhisperer-jupyter · GitHub