I’m very very new to the idea of SCA and diff power anaylsis… So please forigve my ignorance here!
From everything I’ve seen so far, this works really well on AES because of a simple XOR op before the known and standard lookup table.
-
What if I don’t know the algorithm I want to attack? How would I begin correlating input data to differential power samples!?
-
If someone just (foolishly usually) changed the lookup table, how would anyone using power analysis ever figure that out?
-
Even for challenge and response, if I don’t know the algorithm used (assume it’s some arbitrary “security through obscurity”) I can only see when my data was put into the bus, and eventually the result. I feel like I’m missing some important detail here.
-
For something like a secure bootloader, if I’m trying to leave the bootloader in place, add my own application - it seems the input could be any amount of the total flash I’m trying to replace - So in that case, I don’t have a single byte input - I have an entire file. Seems useless in this scenario but I figured I’d ask.
Any help would be appreciated. Browsing over the tutorials now just to see if I can answer any of these myself.