CPA
CPA attacks against AES
CryptoSideChannel.CPA.CPA_AES_analyze
— FunctionCPA_AES_analyze(sample_function, leakage_model)
Performs a CPA attack against AES, where traces are collected from a specified function.
Arguments
sample_function
: single-argument function that takes an input AES input (MVector{16, UInt8}
) and returns a power trace as an array of numbers for this input.leakage_model
: a function reducing a processed value $R$ to their estimated side-channel emissions $W_R$
Returns
The recovered AES key
CryptoSideChannel.CPA.CPA_AES_analyze_traces
— FunctionCPA_AES_analyze_manual(plaintexts::Vector, traces::Matrix, leakage_model)
Performs a CPA attack against AES on given traces.
Arguments
plaintexts
: A vector of sizeN
, whereN
is the number of power traces sampled.traces
: A matrix of sizeM * N
, whereM
is the number of samples per trace. Power traces are stored in column-major order, i.e. it is expected thattraces[:,i]
refers to the powertrace generated withplaintexts[i]
leakage_model
: a function reducing a processed value $R$ to their estimated side-channel emissions $W_R$
Returns
The recovered AES key
CryptoSideChannel.CPA.CPA_AES_analyze_manual
— FunctionCPA_AES_analyze_manual(plaintexts::Vector, traces::Matrix, power_estimate)
Performs a CPA attack against AES on given traces.
Arguments
plaintexts
: A vector of sizeN
, whereN
is the number of power traces sampled.traces
: A matrix of sizeM * N
, whereM
is the number of samples per trace. Power traces are stored in column-major order, i.e. it is expected thattraces[:,i]
refers to the powertrace generated withplaintexts[i]
power_estimate
: A function that takes aplaintext::MVector{16, UInt6}
, a key index (1 <=key_guess_index
<= 16), and a key guess (0 <=key_guess
<= 255) and returns an hypothesis on power consumption. For example, a classical implementation of this function for AES with Hamming weight would bepower_estimate(plaintext, key_guess_index, key_guess) = Base.count_ones(AES.c_sbox[(plaintext[key_guess_index] ⊻ key_guess)+1])
CPA attacks against SPECK
Attacks against SPECK are a bit more difficult, since both key parts (the left 64 bits and the right 64 bits) have to be attacked differently.
CryptoSideChannel.CPA.CPA_SPECK_analyze
— FunctionCPA_SPECK_analyze(sample_function)
Performs a CPA attack against SPECK.
Arguments
sample_function
: a single-argument function that takes a SPECK input (Tuple{UInt64, UInt64}
) and returns a power trace (array of numbers) for this input.leakage_model
: a function reducing a processed value $R$ to their estimated side-channel emissions $W_R$N
: the amount of traces to collect
Returns
The reconstructed SPECK key as a Tuple{UInt64, UInt64}
CryptoSideChannel.CPA.CPA_SPECK_analyze_traces
— FunctionCPA_SPECK_analyze_traces(plaintexts::Vector, traces::Matrix, leakage_model)
Perform a CPA attack against SPECK on the provided traces.
Arguments
plaintexts
: A Vector of sizeN
, whereN
is the number of power traces sampled.traces
: A Matrix of sizeM * N
, whereM
is the number of samples per trace.
Power traces are stored in column-major order, i.e. it is expected that traces[i,:]
refers to the powertrace generated with plaintexts[i]
leakage_model
: a function reducing a processed value $R$ to their estimated side-channel emissions $W_R$
Returns
The reconstructed SPECK key as a Tuple{UInt64, UInt64}
Real-world attacks against AES
In the file test/aes-realworld
, a real-world CPA attack is implemented. This attack uses the Northeastern University TeSCASE dataset, available at the TeSCASE downloads page. The attacked traces have been generated on a SASEBO board that executes the AES algorithm.