Attack DPA Contest

Attack DPA Contest

Software

The program realizes a power analysis attack for DPA contest v4 (http://www.dpacontest.org/v4/index.php). Target implementation is a masked AES-256 implemented in software on an Atmel ATMega-163 smart card. This implementation is called AES-256 RSM (Rotating Sbox Masking). Our implementation of attack consists of two basic steps (see Fig.1). In the first step, the secret offset of AES RSM is revealed by MLP trained (Multi-Layer Perceptron) from power traces. In the second step, classical differential power analysis (DPA) based on correlation coefficient reveals secret key stored in cryptographic device. Targeting intermediate value during the DPA is output of SubBytes function in the first round. Attack needs about 20 power traces to obtain whole secret key.

The program realizes a power analysis attack for DPA contest v4 (http://www.dpacontest.org/v4/index.php). Target implementation is a masked AES-256 implemented in software on an Atmel ATMega-163 smart card. This implementation is called AES-256 RSM (Rotating Sbox Masking). Our implementation of attack consists of two basic steps (see Fig.1). In the first step, the secret offset of AES RSM is revealed by MLP trained (Multi-Layer Perceptron) from power traces. In the second step, classical differential power analysis (DPA) based on correlation coefficient reveals secret key stored in cryptographic device. Targeting intermediate value during the DPA is output of SubBytes function in the first round. Attack needs about 20 power traces to obtain whole secret key.

DPA Contest, power analysis, MLP, SCA

DPA Contest, power analysis, MLP, SCA

Ústav telekomunikací, Technická 12, 616 00 Brno

výsledek využívá pouze poskytovatel

K využití výsledku jiným subjektem je vždy nutné nabytí licence

http://crypto.utko.feec.vutbr.cz/?page_id=54#6