As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes


Tutorial B6 Breaking AES (Manual CPA Attack)

321 bytes added, 18:45, 1 May 2018
== Setting Up the Project ==
It is assumed you are experienced with Python development, or have at least run a Python program! If you are on Windows you'll probably use IDLE as a code editor, although you can use any code editor you wish.
Initially, we'll be using Python interactively. This means just running <code>python</code> at the command prompt and entering commands into the window. Later we'll move on to writing a simple script which executes these commands.
Note if you want to use matplotlib, and are running a native Python installation, you may need to install that package. If the <code>import matplotlib</code> command listed in the next section fails, you'll need to install these, which again for Windows you can get from the [http://www.lfd.uci.edu/~gohlke/pythonlibs/#pyparsing Pre-Built Windows Binaries].
 
<blockquote>matplotlib python-dateutil pyparsing six
</blockquote>
== Exploring the Trace Data ==
The next step is to read the trace data. If you don't have any data yet, you should follow the steps in [[Tutorial B5 Breaking AES (Straightforward)]] to record some traces.
You need to find the source trace files, which have a <code>.npy</code> extension. You can follow the path of a <code>.cwp</code> (ChipWhisperer Project) file to find the associated trace <code>.cfg</code> file. The same directory as the <code>.cfg</code> file will have the <code>.npy</code> files. As an example, say that our <code>.cwp</code> file contains this line:
<pre>[Trace Management]
tracefile0 = default-data-dir\traces\config_2013.11.18-16.40.58_.cfg</pre>
 
Opening the <code>.cfg</code> file shows the <code>prefix=</code> line, which tells us the name of the data files:
<pre>numPoints = 3000
prefix = 2013.11.18-16.40.58_</pre>
This means our trace file is in <code>default-data-dir\traces\2013.11.18-16.40.58_traces.npy</code> for example, and the plaintext is in <code>default-data-dir\traces\2013.11.18-16.40.58_textin.npy</code>.
Using default installs, this directory will be <code>C:\chipwhisperer\software\chipwhisperer\capture\default-data-dir\traces</code>. Let's assume you've run a capture and have 50 traces of our usual AVR target.
Then use <code>np.load</code> as such (note: the '''r''' in front of the string means you don't need to escape slashes):
<pre>>>> import numpy as np
>>> traces = np.load(r'C:\chipwhisperer\software\chipwhisperer\capture\default-data-dir\traces\2013.11.18-16.40.58_traces.npy')
>>> pt = np.load(r'C:\chipwhisperer\software\chipwhisperer\capture\default-data-dir\traces\2013.11.18-16.40.58_textin.npy')</pre>
You can print, for example, the first plaintext sent to the device:
<pre>>>> pt[0]
[<matplotlib.lines.Line2D object at 0x05EF3CF0>]
>>> plt.show()</pre>
After executing <code>plt.show()</code> you should get a window to pop up with the single power trace.
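The file lookup described in this section (<code>.cwp</code> to <code>.cfg</code> to <code>prefix</code> to <code>.npy</code>) can be scripted. This is an added example, not code from the original tutorial: the function name <code>trace_files</code>, the <code>[Trace Config]</code> section name and the sample file contents are constructed assumptions, and the paths are built from text so it runs without a capture on disk.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample contents, modelled on the lines quoted in this section.
SAMPLE_CFG_PATH = r"default-data-dir\traces\config_2013.11.18-16.40.58_.cfg"
SAMPLE_CWP = "[Trace Management]\ntracefile0 = " + SAMPLE_CFG_PATH + "\n"
SAMPLE_CFG = "[Trace Config]\nnumPoints = 3000\nprefix = 2013.11.18-16.40.58_\n"


def trace_files(cwp_text, cfg_texts):
    """Resolve every tracefileN entry of a .cwp project to its .npy data files.

    cfg_texts maps a .cfg path (exactly as written in the .cwp) to that
    file's contents. Returns one dict of paths per tracefile entry.
    """
    cwp = configparser.ConfigParser(interpolation=None)
    cwp.read_string(cwp_text)
    found = []
    for key, cfg_path in cwp["Trace Management"].items():
        if not key.startswith("tracefile"):
            continue
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(cfg_texts[cfg_path])
        # The .cfg section name is an assumption, so search every section.
        prefix = next((s["prefix"] for s in cfg.values() if "prefix" in s), None)
        if prefix is None:
            raise ValueError("no prefix= line in " + cfg_path)
        # The data files live in the same directory as the .cfg file.
        folder = PureWindowsPath(cfg_path).parent
        found.append({name: str(folder / (prefix + name + ".npy"))
                      for name in ("traces", "textin")})
    return found
```

The returned paths are relative to the directory holding <code>default-data-dir</code>, so join them with that directory before passing them to <code>np.load</code>.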
== Reading the Trace Data in a Script ==
Note that in Python we can specify hex constants directly! Now the system will only be searching from 0x26 - 0x2F for the correct key. Once we have a guess, we need to calculate the intermediate value corresponding to the guess.
Looking way back to how AES works, remember we are effectively attempting to target the position at the bottom of this figure:
<blockquote>[[File:Sbox_cpa_detail.png|frame|none|alt=|caption The AES algorithm involves a number of rounds, this is a detail from the first round of operation. Each input byte is XOR'd with a byte of the (unknown) secret key. This is passed through an S-Box, which is simply a look-up table. The output of this S-Box is what we'll use to 'check' our guessed value of the key.]]
</blockquote>
The objective is thus to determine the output of the S-Box, where the S-Box is defined as follows:
<pre>sbox=( ... )</pre>
Next, let's again consider the three sums to be implemented:
<math>sumnum = {\sum\nolimits_{d = 1}^D {\left[ {\left( {{h_{d,i}} - \overline {{h_i}} } \right)\left( {{t_{d,j}} - \overline {{t_j}} } \right)} \right]} }</math>

<math>sumden1 = \sum\nolimits_{d = 1}^D {{{\left( {{h_{d,i}} - \overline {{h_i}} } \right)}^2}}</math>

<math>sumden2 = \sum\nolimits_{d = 1}^D {{{\left( {{t_{d,j}} - \overline {{t_j}} } \right)}^2}}</math>

Note there are some common terms in all three of these, along with a common summation index. We can thus implement them as follows:
<pre>cpaoutput[kguess] = sumnum / np.sqrt( sumden1 * sumden2 )</pre>
Tying it all together, we end up with the following:
<pre>import numpy as np
Best Key Guess:
2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </pre>
 
== Calculating The PGE ==
== Future Changes ==
The implementation of the correlation function runs as a loop over all traces. Ideally we'd like to implement this as an 'online' calculation; that is, we can add a trace in, observe the output, add another trace in, observe the output, etc. When generating plots of the Partial Guessing Entropy (PGE) vs. number of traces this is greatly preferred, since otherwise we need to run the loop many times!
We can use an alternate form of the correlation equation, which explicitly stores sums of the variables. This is easier to perform online calculation with, since when adding a new trace it's simple to update these sums. This form of the equation looks like:

<math>r_{i,j} = \frac{D \sum_{d=1}^D h_{d,i}t_{d,j} - \sum_{d=1}^D h_{d,i} \sum_{d=1}^D t_{d,j}}{\sqrt{\Big(\big(\sum_{d=1}^D h_{d,i}\big)^2 - D\sum_{d=1}^D h_{d,i}^2\Big)\Big(\big(\sum_{d=1}^D t_{d,j}\big)^2 - D\sum_{d=1}^D t_{d,j}^2\Big)}}</math>
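The online form above, carried through for one key byte, as an added example (not code from the original tutorial): the correlation can be read after every added trace without re-running the loop over all traces. The names <code>OnlineCPA</code> and <code>simulate</code>, the Hamming-weight leakage model and the constructed noisy traces are assumptions made for illustration.

```python
import math
import random

def aes_sbox():  # generate the standard AES S-Box instead of hard-coding the table
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3 in GF(2^8)
        q ^= q << 1; q ^= q << 2; q ^= q << 4                   # q /= 3
        q = (q ^ (0x09 if q & 0x80 else 0)) & 0xFF
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            return sbox

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]  # assumed leakage model: Hamming weight

class OnlineCPA:  # running sums for one key byte; h = hypothesis, t = trace point
    def __init__(self, npoints):
        self.D, self.n = 0, npoints
        self.sh, self.shh = [0] * 256, [0] * 256              # sum h, sum h^2 per guess
        self.st, self.stt = [0.0] * npoints, [0.0] * npoints  # sum t, sum t^2 per point
        self.sht = [[0.0] * npoints for _ in range(256)]      # sum h*t per (guess, point)

    def add_trace(self, pt_byte, trace):
        self.D += 1
        for j, t in enumerate(trace):
            self.st[j] += t
            self.stt[j] += t * t
        for k in range(256):
            h = HW[SBOX[pt_byte ^ k]]
            self.sh[k] += h
            self.shh[k] += h * h
            for j, t in enumerate(trace):
                self.sht[k][j] += h * t

    def corr(self, k, j):  # r_{k,j} from the sums; 0.0 while a variance is still zero
        num = self.D * self.sht[k][j] - self.sh[k] * self.st[j]
        den = (self.sh[k] ** 2 - self.D * self.shh[k]) * (self.st[j] ** 2 - self.D * self.stt[j])
        return num / math.sqrt(den) if den > 0 else 0.0

    def best_guess(self):
        return max(range(256), key=lambda k: max(abs(self.corr(k, j)) for j in range(self.n)))

def simulate(key_byte, ntraces, seed=1, npoints=8, leak_at=5):  # constructed traces
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(ntraces)]
    return pts, [[rng.gauss(0, 0.5) + (HW[SBOX[p ^ key_byte]] if j == leak_at else 0)
                  for j in range(npoints)] for p in pts]
```

Calling <code>add_trace</code> once per captured trace and reading <code>corr</code> or <code>best_guess</code> in between gives the per-trace-count results needed for a PGE plot.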
 
== Complete Program ==
The following shows the derivation of the online correlation equation from the original form:
 
[[File:Rij_conversion.png]]
 
== Links ==
 
{{Template:Tutorials}}
[[Category:Tutorials]]
