I recently bought cw305 and chipwhisperer-lite capture boards. I would like to perform an SCA attack on a custom crypto. If i have the verilog implementation of the custom crypto, what are the procedures i should follow to program the cw305 and capture the power traces.
Hi,
@jpthibault usually handles FPGA questions and is currently on vacation, so it might be a little bit before your question gets answered
Apologies for the delayed reply!
To get started with the CW305, I would recommend starting with out with our AES demo notebook, and reading our CW305 appnote to learn the basics of interacting with the board.
You can then explore the other CW305 example targets that we have: chipwhisperer/firmware/fpgas at develop · newaetech/chipwhisperer · GitHub
This should give you a pretty good idea of how to proceed with capturing traces of your own crypto. If you still have any questions don’t hesitate to ask.
I have looked into all the documents you mentioned but the programming part is not clear. For example if I edit something inside the aes_core.v, what are the procedures that i need to follow to synthesize, generate bit file and run capture trace?
You would simply open the Vivado project and generate a new bitfile.
If you’re new to Vivado there is a substantial learning curve, but Xilinx has lots of documentation to guide you.
Hi @jpthibault ,
Every round of AES is completed in a single clock cycle here chipwhisperer-jupyter/demos/PA_HW_CW305_1-Attacking_AES_on_an_FPGA.ipynb at master · newaetech/chipwhisperer-jupyter (github.com). This means that 10 clock cycles are sufficient for AES-128 encryption. When I use a custom AES-128, I have synchronization problems with the clock. In my case, round 1 takes 4 clock cycles, rounds 2-8 take 72 clock cycles (8 clock cycles each), and the last round takes 4 clock cycles. Can you please tell me how I can adjust my clock settings? Because I have “Capturing traces: 0%
1/5000 [01:00<69:42:30, 50.20s/it]
(ChipWhisperer Scope WARNING|File _OpenADCInterface.py:640) Timeout in OpenADC capture(), no trigger seen! Trigger forced, data is invalid. Status: 0b”. Thank you.
This error means that your CW capture hardware isn’t getting a trigger; this has nothing to do with how many cycles each round takes. What you need to figure out is why your target isn’t raising the TIO4 trigger line. I would use ILAs.