software

The program realizes a power analysis attack for DPA contest v4 (http://www.dpacontest.org/v4/index.php). Target implementation is a masked AES-256 implemented in software on an Atmel ATMega-163 smart card. This implementation is called AES-256 RSM (Rotating Sbox Masking). Our implementation of attack consists of two basic steps (see Fig.1). In the first step, the secret offset of AES RSM is revealed by MLP trained (Multi-Layer Perceptron) from power traces. In the second step, classical differential power analysis (DPA) based on correlation coefficient reveals secret key stored in cryptographic device. Targeting intermediate value during the DPA is output of SubBytes function in the first round. Attack needs about 20 power traces to obtain whole secret key.

DPA Contest, power analysis, MLP, SCA

11. 11. 2014

Ústav telekomunikací, Technická 12, 616 00 Brno

K využití výsledku jiným subjektem je vždy nutné nabytí licence

Poskytovatel licence na výsledek nepožaduje v některých případech licenční poplatek

http://crypto.utko.feec.vutbr.cz/?page_id=54#6