I have changed DPA attack as follows to break DES, but could not get the correct key.
code
SCOPETYPE = ‘OPENADC’
PLATFORM = ‘CWLITEXMEGA’
CRYPTO_TARGET = ‘AVRCRYPTOLIB’
SS_VER=‘SS_VER_1_1’
%run “…/…/Setup_Scripts/Setup_Generic.ipynb”
%%sh -s “$PLATFORM” “$CRYPTO_TARGET” “$SS_VER”
cd …/…/…/hardware/victims/firmware/simpleserial-des
make PLATFORM=$1 CRYPTO_TARGET=$2 SS_VER=$3
cw.program_target(scope, prog, “…/…/…/hardware/victims/firmware/simpleserial-des/simpleserial-des-{}.hex”.format(PLATFORM))
from tqdm import tnrange
import numpy as np
import time
ktp = cw.ktp.Basic()
trace_array =
textin_array =
ktp.fixed_key = False
ktp.text_len = 8
ktp.key_len = 8
key, text = ktp.next()
target.set_key(key)
print('Setting key: ’ + str(key))
N = 2500
for i in tnrange(N, desc=‘Capturing traces’):
scope.arm()
target.simpleserial_write(‘p’, text)
ret = scope.capture()
if ret:
print(“Target timed out!”)
continue
response = target.simpleserial_read(‘r’, 8)
trace_array.append(scope.get_last_trace())
textin_array.append(text)
key, text = ktp.next()
I have tried following s-boxes both of them are not working.
sbox = [
0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07,
0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38,
0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50,
0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D,
0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A,
0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5,
0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F,
0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9,
0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28,
0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1,
0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7,
0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C,
0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F,
0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9,
0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84,
0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E,
0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9,
0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86,
0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E,
0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53,
0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B,
0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38,
0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6,
0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D,
0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61,
0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86,
0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92,
0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C,
0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7,
0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92,
0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58,
0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B
]
Sbox = [
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]
def aes_internal(inputdata, key):
return Sbox[inputdata ^ key]
import numpy as np
mean_diffs = np.zeros(256)
guessed_byte = 0
for guess in range(0, 256):
one_list =
zero_list =
for trace_index in range(numtraces):
#Inside here do the steps shown above
hypothetical_leakage = aes_internal(guess,
textin_array[trace_index][guessed_byte])
if hypothetical_leakage & 0x01:
one_list.append(trace_array[trace_index])
else:
zero_list.append(trace_array[trace_index])
one_avg = np.asarray(one_list).mean(axis=0)
zero_avg = np.asarray(zero_list).mean(axis=0)
mean_diffs[guess] = np.max(abs(one_avg - zero_avg))
print(“Guessing %02x: %f”%(guess, mean_diffs[guess]))
def calculate_diffs(guess, byteindex=0, bitnum=0):
“”“Perform a simple DPA on two traces, uses globaltextin_arrayandtrace_array“””
one_list =
zero_list =
for trace_index in range(numtraces):
hypothetical_leakage = aes_internal(guess, textin_array[trace_index][byteindex])
#Mask off the requested bit
if hypothetical_leakage & (1<<bitnum):
one_list.append(trace_array[trace_index])
else:
zero_list.append(trace_array[trace_index])
one_avg = np.asarray(one_list).mean(axis=0)
zero_avg = np.asarray(zero_list).mean(axis=0)
return abs(one_avg - zero_avg)
from tqdm import tnrange
import numpy as np
#Store your key_guess here, compare to known_key
key_guess =
known_key = [0xc6, 0xd6, 0x5a, 0xd3, 0x97, 0xf6, 0xaf, 0x8c]
for subkey in tnrange(0, 8, desc=“Attacking Subkey”):
max_diffs = [0]*256
full_diffs = [0]*256
for guess in range(0, 256):
full_diff_trace = calculate_diffs(guess, subkey)
max_diffs[guess] = np.max(full_diff_trace)
full_diffs[guess] = full_diff_trace
#Get argument sort, as each index is the actual key guess.
sorted_args = np.argsort(max_diffs)[::-1]
#Keep most likely
key_guess.append(sorted_args[0])
#Print results
print(“Subkey %2d - most likely %02X (actual %02X)”%(subkey, key_guess[subkey], known_key[subkey]))
#Print other top guesses
print(" Top 5 guesses: “)
for i in range(0, 5):
g = sorted_args[i]
print(” %02X - Diff = %f"%(g, max_diffs[g]))
print(“\n”)
Known key : [0xc6, 0xd6, 0x5a, 0xd3, 0x97, 0xf6, 0xaf, 0x8c]
guessed key: [0x36, 0xf1, 0xf3, 0x42, 0x7a, 0x2a, 0xe7, 0xa7]
Kindly help me out regarding this as I am stuck on this. I have tried to change number of samples of adc as well as tried different s-boxes.