Regarding second order dpa attack


  1. What are we capturing after running the cw.capture(scope, target, text, key) line of code: is it the power consumed by the entire algorithm or by a particular part of it? (Asking this question after learning that the leakage model is independent of the traces captured.)
  2. From our understanding, we have to attack two different parts of the algorithm to perform a 2nd-order DPA attack. So, is it possible to capture power traces corresponding to multiple parts of the algorithm with ChipWhisperer hardware (CW-Lite ARM, target: STM32F303)?

This depends on what you’re attacking. Some AES implementations (hardware AES running on a CW305) will only take tens of samples and will therefore easily fit in even the smallest power trace you capture. Others take a lot longer. IIRC, when attacking the basic software AES, only a few rounds are captured.

You can adjust the samples captured with scope.adc.samples and the offset from the trigger with scope.adc.offset.


So we have first-order masking: suppose our sensitive data is Z, so we choose a random mask R,
and now we have two pieces of sensitive data, Z xor R and R, which are not related to Z. Now these two values are processed separately. So now we want to figure out how we can do power analysis on both instead of one?
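As an added illustration (not code from this thread or from the ChipWhisperer project), the simulation below models the two share leakages described above, Z xor R and R, as Hamming weight plus Gaussian noise at two sample points. It checks that each share alone shows no correlation with HW(Z), while the centered product of the two samples (the standard second-order combining step) does, which is why a second-order analysis needs both parts of the trace. The sensitive value Z, the mask R and the noise level are constructed for the simulation.

```python
# Constructed simulation of first-order Boolean masking leakage (stdlib only).
import random
from statistics import mean, pstdev


def hw(x: int) -> int:
    """Hamming weight of a byte."""
    return bin(x).count("1")


def pearson(xs, ys) -> float:
    """Population Pearson correlation coefficient."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)
    return cov / (pstdev(xs) * pstdev(ys))


def simulate(n_traces: int, noise: float = 1.0, seed: int = 1):
    """Return (HW(Z) per trace, samples of share 1, samples of share 2).

    Z is a fresh random sensitive byte, R a fresh random mask. Share 1 is the
    sample where Z xor R is handled, share 2 the sample where R is handled;
    both leak their Hamming weight plus Gaussian noise (assumed model)."""
    rng = random.Random(seed)
    hz, s1, s2 = [], [], []
    for _ in range(n_traces):
        z = rng.randrange(256)
        r = rng.randrange(256)
        hz.append(hw(z))
        s1.append(hw(z ^ r) + rng.gauss(0, noise))
        s2.append(hw(r) + rng.gauss(0, noise))
    return hz, s1, s2


def first_order_corr(hz, share) -> float:
    """Correlation of HW(Z) with one share alone: expected to be ~0."""
    return pearson(hz, share)


def second_order_corr(hz, s1, s2) -> float:
    """Correlation of HW(Z) with the centered product of the two shares.

    For HW leakage, E[(HW(Z^R)-4)(HW(R)-4)] = 2 - HW(Z)/2, so the combined
    sample is (negatively) correlated with HW(Z) even though no single sample is."""
    m1, m2 = mean(s1), mean(s2)
    combined = [(a - m1) * (b - m2) for a, b in zip(s1, s2)]
    return pearson(hz, combined)


if __name__ == "__main__":
    hz, s1, s2 = simulate(5000)
    print("share 1 alone :", round(first_order_corr(hz, s1), 3))
    print("share 2 alone :", round(first_order_corr(hz, s2), 3))
    print("centered product:", round(second_order_corr(hz, s1, s2), 3))
```

Increasing the noise argument shows how quickly the second-order correlation shrinks, which is the practical reason masked implementations need many more traces than unmasked ones.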

Sorry, I can’t really help with masked AES

Hi YathinKumar11, can you use CPA or DPA to attack AES with first-order