This example shows how easy and fast it is to perform a second-order CPA, using a traceset from the ASCAD database.
The original HDF5 traceset of ASCAD (available from http://data.ascad-databases.ovh/ASCAD_data.zip, see ASCAD database for details) can be converted into the trs format using the accompanying Python script ascad2trs.py.
This example needs less than a minute to run. Compare this to the 2 hours reported in https://eprint.iacr.org/2018/196 for a Python implementation of second-order analysis.
The accompanying non-notebook Julia script contains the multi-worker version of this code that can benefit from multiple cores on the same machine and in a cluster, as described in the HPC example.
The example also illustrates that the conditional leakage averaging approach can speed up the key recovery time while using more traces (set the condavg parameter below to true).
For reference, the full correct key for the ASCAD source traceset is 0x4dfbe0f27221fe10a78d4adc8e490469. The traceset contains a range of samples for the recovery of only the 3rd key byte, which is 0xe0.
TODO: compare to Daredevil, add a test case to https://github.com/ikizhvatov/dpa-tools-benchmarking
In [1]:
using Jlsca.Trs
using Jlsca.Sca
Configure the attack
In [2]:
fname = "ASCAD.trs" # traceset file
nrTraces = 1000 # number of traces to attack
keyByteNum = 3 # key byte to attack; ASCAD examples and truncated traceset are for the 3rd key byte
condavg = false; # use conditional leakage averaging
In [3]:
trs = InspectorTrace(fname)
In [4]:
# attack parameters
attack = AesSboxAttack()
attack.xor = false
if condavg
    anal = CPA()
else
    anal = IncrementalCPA()
end
anal.leakages = [HW()]
params = DpaAttack(attack,anal)
maxCols = 150000 # Maximum number of samples processed in one tile. With more RAM this can be increased. Does not affect performance that much though for large values.
params.maxCols = maxCols
params.maxColsPost = maxCols
params.targetOffsets = [keyByteNum]
params.knownKey = "4dfbe0f27221fe10a78d4adc8e490469" |> hex2bytes
# add a pass doing second order combinations
reset(trs)
addSamplePass(trs, SecondOrderPass(AbsDiff()))
Run the attack
In [5]:
@time sca(trs, params, 1, nrTraces);
In [6]:
# graceful cleanup
popSamplePass(trs)
popSamplePass(trs)
close(trs)
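To see why the notebook adds a second-order combination pass before correlating, here is an added example that is not part of the Jlsca notebook or the Jlsca code base: a constructed simulation of a first-order masked byte, correlated before and after an absolute-difference combination of all sample pairs. The function names, sample positions and noise level are assumptions made for illustration, and the all-pairs combination is the generic technique, not Jlsca's own implementation.

```julia
using Random, Statistics

# Constructed simulation, not ASCAD data: each trace has 6 sample points.
# Sample 2 leaks HW(m), sample 5 leaks HW(v ⊻ m); the others are pure noise.
function simulate(ntraces; nsamples = 6, sigma = 0.5, rng = MersenneTwister(1))
    v = rand(rng, UInt8, ntraces)            # sensitive intermediate (unmasked)
    m = rand(rng, UInt8, ntraces)            # fresh random mask for every trace
    traces = sigma .* randn(rng, ntraces, nsamples)
    traces[:, 2] .+= count_ones.(m)
    traces[:, 5] .+= count_ones.(v .⊻ m)
    return traces, v
end

# Absolute-difference combination of every sample pair (i < j).
# n samples become n(n-1)/2 columns, so the sample count grows quadratically.
function absdiff_combine(traces)
    ntraces, n = size(traces)
    combos = [(i, j) for i in 1:n-1 for j in i+1:n]
    out = Matrix{Float64}(undef, ntraces, length(combos))
    for (c, (i, j)) in enumerate(combos)
        out[:, c] = abs.(traces[:, i] .- traces[:, j])
    end
    return out, combos
end

# Pearson correlation of each sample column with the Hamming weight of v.
function hwcorr(samples, v)
    hw = Float64.(count_ones.(v))
    return [cor(samples[:, c], hw) for c in axes(samples, 2)]
end

traces, v = simulate(5000)
first_order = hwcorr(traces, v)              # no single sample depends on v alone
combined, combos = absdiff_combine(traces)
second_order = hwcorr(combined, v)
best = argmax(abs.(second_order))

println("max |rho|, first order : ", round(maximum(abs.(first_order)), digits = 3))
println("max |rho|, second order: ", round(abs(second_order[best]), digits = 3),
        " at sample pair ", combos[best])
```

Because the mask is uniform and independent of v, each individual sample is uncorrelated with HW(v); only the column that combines the two shares, pair (2, 5) in this simulation, carries a dependence on the unmasked value.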