Skip to content

Latest commit

 

History

History

examples

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.rst
README.rst
 
 
aes_attack.py
aes_attack.py
 
 
aes_info.py
aes_info.py
 
 
aes_tvla.py
aes_tvla.py
 
 
test_examples.py
test_examples.py
 
 
utils.py
utils.py
 
 

README.rst

SCALib examples

For more detailed documentation and parameters, see the API documentation at https://scalib.readthedocs.io/.

The examples in this directory attack simulated leakage from an unprotected AES implementation leaking the Hamming weight of the state bytes, with additive Gaussian noise.

Key recovery

This example demonstrates a key-recovery attack on the simulated leakage.

python3 aes_attack.py

The attack goes in multiple steps:

  1. Generate the simulated traces
    1. One set of profiling traces with random keys.
    2. One set of attack traces with a fixed key.
  2. Select POIs for attacking the Sbox outputs x_i.
    1. Compute the scalib.metrics.SNR for all the 16 x.
    2. Keep as POI the 2 points with the largest SNR.
  3. Profile the variables at the outputs of the Sboxes.

    1. Fit a scalib.models.LDAClassifier to model the leakage PDF. Note: We could also use the convenience wrapper ``scalib.models.MultiLDA`` here: it provides a concise API (with automatic parallelization), but it is less flexible. 2. Extract the probabilities of x_i using the attack traces and the models.

  4. Recover the key k.
    1. Create a factor graph describing the inference problem with scalib.attacks.FactorGraph.
    2. Create a belief propagation object (scalib.attacks.BPState) with the prior distributions of x and the values of the public variables p.
    3. Run belief propagation to map the information from x to k.

    Our factor graph here is acyclic, so we can to exact inference. SCALib also supports approximate inference with loopy belief propagation for more complex cases.

  5. Evaluate the attack results
    1. Show the rank for each key byte.
    2. Show the overall key rank with scalib.postprocessing.rank_accuracy.

TVLA

This example runs a fixed-vs-random first- and second-order univariate TVLA using scalib.metrics.Ttest.

python3 aes_tvla.py

SCALib also supports multivariate T-test in ``scalib.metrics.MTtest``, and allows you to arbitrarily choose your sets of points of interest.

Information metrics

The quality of a model can be quantified using the Perceived Information (PI) and Training Information (TI) (see https://eprint.iacr.org/2022/490). In the example, we do this for pooled Gaussian Templates

python3 aes_info.py

Protected AES (ASCAD)

See https://github.com/cassiersg/ASCAD-5minutes

This attack is fairly similar to aes_attack,py, but attacks a real-world protected implementation with first-order masking.