458
edits
| As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com. |
Changes
no edit summary
== Setting Up the Project ==
It is assumed you are experienced with Python development, or have at least run a Python program! If you are on Windows you'll probably use IDLE for as a code editor, although you can use any code editor you wish.
Initially, we'll be using Python interactively. This means to just run <code>python</code> at the command prompt, and enter commands into the window. Later we'll move onto writing a simple script which executes these commands.
Note that in Python we can specify hex constants directly! Now the system will only be searching from 0x26 - 0x2F for the correct key. Once we have a guess, we need to calculate the intermediate value corresponding to the guess.
Looking way back to how AES works, remember we are effectively attempint attemping to target the position at the bottom of this figure:
<blockquote>[[File:Sbox_cpa_detail.png|frame|none|alt=|caption The AES algorithm involves a number of rounds, this is a detail from the first round of operation. Each input byte is XOR'd with a byte of the (unknown) secret key. This is passed through an S-Box, which is simply a look-up table. The output of this S-Box is what we'll use to 'check' our guessed value of the key.]]
</blockquote>
The objective is thus to determine the output of the SBoxS-Box, where the S-Box is defined as follows:
<pre>sbox=(
Next, let's again consider the three sums to be implemented:
<math>sumnum = {\sum\nolimits_{d = 1}^D {\left[ {\left( {{h_{d,i}} - \overline {{h_i}} } \right)\left( {{t_{d,j}} - \overline {{t_j}} } \right)} \right]} }</math> <math>sumdem1 = \sum\nolimits_{d = 1}^D {{{\left( {{h_{d,i}} - \overline {{h_i}} } \right)}^2}}</math> <math>sumdem2 = \sum\nolimits_{d = 1}^D {{{\left( {{t_{d,j}} - \overline {{t_j}} } \right)}^2}}</math>
Note there is some common terms in all three of these, along with a common summation index. We can thus implement them as follows:
<pre>cpaoutput[kguess] = sumnum / np.sqrt( sumden1 * sumden2 )</pre>
<pre>import numpy as np
Best Key Guess:
2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </pre>
== Calculating The PGE ==
== Future Changes ==
The implementation of the correlation function runs as a loop over all traces. Ideally we'd like to implement this as a 'online' calculation; that is , we can add a trace in, observe the output, add another trace in, observe the output, etc. When generating plots of the Partial Guessing Entropy (PGE) vs. number of traces this is greatly preferred, since otherwise we need to run the loop many times!
We can use an alternate form of the [[File:rij.png]] correlation equation, which explicitly stores sums of the variables. This is easier to perform online calculation with, since when adding a new trace it's simple to update these sums. This form of the equation looks like: <math>r_{i,j} = \frac{D \sum_{d=1}^D h_{d,i}t_{d,j} - \sum_{d=1}^D h_{d,i} \sum_{d=1}^D t_{d,j}}{\sqrt{\Big(\big(\sum_{d=1}^D h_{d,i}\big)^2 - D\sum_{d=1}^D h_{d,i}^2\Big)\Big(\big(\sum_{d=1}^D t_{d,j}\big)^2 - D\sum_{d=1}^D t_{d,j}^2\Big)}}</math>
<blockquote></blockquote>
== Complete Program ==
The following shows the derivation of the online correlation equation from the original form:
[[File:Rij_conversion.png]]
== Links ==
{{Template:Tutorials}}
[[Category:Tutorials]]
