Approved_users, bureaucrat, administrator
1,956
edits
| As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com. |
Changes
→Required AES-128 Format
There are two types of cryptographic implementations available for your browsing pleasure. They are either:
As a user, you can submit source-code to accomplish #1, which will run the code on an embedded hardware platform.
* Does not modify clock settings of XMEGA device.
* Doesn't try dumb stuff to reveal key (like saving secret key of job #1 to EEPROM and hoping you can run job #2 on the same hardware right after, and read job #1 key out).
* Includes actual source code (you can't dumb a binary blob in the middle of a C wrapper). You can make the source code complicated however you want though.
The requirement for performing sensitive operations (such as S-Box of input) within 10000 clock cycles is because we currently have limited the system to record a total of 10000 samples at a frequency that is 1x the clock rate.
Please keep a copy of the secret key you submit if it's successful. We may need to verify them to ensure no database tampering happened. Note the secret keys are NOT stored on the database - only a hash of the correct key is, so getting a dump of the database will not be useful.
Note once you submit an implementation, you do receive points for breaking it. Breaking your own implementation means you do NOT receive the time-bonus (since you have access to the traces before anyone else), but instead always receive the some fixed points that a latecomer would (currently 10 30 points).
==== Required AES-128 Format ====
}
</syntaxhighlight>
'''NOTE:''' If the key setup takes longer than 100mS, there is a chance the AES core will miss some of the plaintext sent. Commonly this results in incorrect encryption outputs even though your implementation seems to be correct. Please contact us if this happens, but it's preferable to keep your key setup call < 737000 cycles to avoid this issue. You can do a lot in 737000 cycles so it shouldn't be an issue in most systems.
<u>Encryption Function</u>
As part of the compilation & validation the server will tell you of any errors. You must resubmit a new attempt if your compilation or validation fails (even if it's a problem on our end).
If you wish to compile the code on your own (HIGHLY recommended during debugging to avoid taxing the server systems), please [http://ctf.newae.com/media/cc_aesbuild.zip download the full source code directory], described below. This source code directly is the same ==== Compiling Firmware as Server Does ==== To compile as used on the serverdoes, where your code is automatically copied to simply [http://ctf.newae.com/media/cc_aesbuild.zip download the build directory]. To use this directory: # Unzip that directory somewhere (for example in the "firmware" directory).# Copy your source-codeto the <code>firmware\simpleserial-aes\user_crypto" </code> directory. # To build run "<code>make" </code> in "<code>simpleserial-aes", and have </code>. Running make will require avr-gcc, avr-libc, and & avr-binutils installed (or WinAVR . You can do this on Linux platforms with something like: sudo apt-get install avr-gcc avr-binutils On Windowsplatforms, install [http://winavr.sourceforge.net/ WinAVR]. ==== Timing your AES Implementation ==== One of the requirements is that leakage occurs before 10 000 cycles. How can you test this? Luckily it's possible with the Atmel Studio simulator (you can also try other simulators, but it's unknown their support for the XMEGA device). Details of running the simulator are on the page [[Simulating the XMEGA Target Code]]. Note what it means that "leakage" is occurring is somewhat vague. For example Stage-gate #3B does NOT cover all the first-round S-Boxs in 10 000 cycles, but people were still able to break it. Generally your AES should have somehow touched all the secret material inside that window is the objective.
== White Box Cryptography ==
