Changes

Tutorial B11 Breaking RSA

1,069 bytes added, 15:52, 12 July 2017
Finding SPA Leakage
[[File:B11_settriglen.png|400px]]
If you are using Capture V3.5.2 or later you will have support for the length of the trigger output being high reported back to you. If you run capture-1 for example you'll see the trigger was high for XX cycles: This is way too long! You won't be able to capture the entire trace in your 24000 length sample buffer. Instead we'll make the demo even shorter - in our case looking at the source code you can see there is a "flag" which is set high only AFTER the first 1 is received. Thus using a fixed plaintext, change the input plaintext to be   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 We'll only be able to change the LAST TWO bytes, everything else will be too slow. So change the input plaintext to   00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 And you can see the power trace change drastically, as below: [[File:B11_RSA_example8000.png|400px]] Finally, let's flip another bit. Change the input plaintext as follows, such that bit #4 in the final bit is set HIGH. We can plot the two power traces on top of each other, and you see that they are differing at a point in time: [[File:B11_RSA_bit4diff.png|400px]]  
[[File:B11_plaintext_setting.png|400px]]
Approved_users, bureaucrat, administrator
1,956
edits