forked from Ledger-Donjon/lascar
-
Notifications
You must be signed in to change notification settings - Fork 1
/
cpa.py
47 lines (30 loc) · 2.02 KB
/
cpa.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
"""
In this script, we show how to perform Correlation Power Analysis with lascar to retrieve an AES keybyte.
The engine we need here is the CpaEngine.
It needs:
- a selection function (under guess hypothesis) on the sensitive value (here the output of the sbox at first round):
This function answers the question: "Under the 'guess' hypothesis', how do I model the behavior with 'value'?
- a "guess_range" which will define what are the guess possible values
"""
from lascar import *
from lascar.tools.aes import sbox
container = BasicAesSimulationContainer(200, noise=2) # We use the BasicAesSimulationContainer with 2000 traces
def selection_function(value, guess): # selection_with_guess function must take 2 arguments: value and guess
"""
What would the hamming weight of the output of the 3rd sbox be if the key was equal to 'guess' ?
"""
return hamming(sbox[value['plaintext'][3] ^ guess]) # here we partition on the value of the 3rd plaintext byte
guess_range = range(16) # number of possible classes (~output of the partiton_function) for the partition_function
cpa_engine = CpaEngine("cpa_plaintext_3", selection_function, guess_range)
session = Session(container, engine=cpa_engine, output_method=MatPlotLibOutputMethod(cpa_engine))
session.run(batch_size=200)
"""
Now let's compute the 16 cpa retrieving all key bytes in //
We chose here to display the progression of each attack depending on the number of traces.
"""
def generate_selection_function(byte):
def selection_with_guess(value, guess): # selection_with_guess function must take 2 arguments: value and guess
return hamming(sbox[value['plaintext'][byte] ^ guess])
return selection_with_guess
cpa_engines = [CpaEngine("cpa_%02d" % i, generate_selection_function(i), guess_range, solution=container.key[i]) for i in range(16)]
session = Session(container, engines=cpa_engines, name="cpa on 16 bytes", output_method= ScoreProgressionOutputMethod(*cpa_engines), output_steps=10).run(batch_size=50)