DPA Contest 2008/2009

DPA contests home

Introduction

Rules

Download

Documentation

Traces Tables

Participate

Hall of Fame

Frequently Asked Questions

Hall of Fame

The contest is open from August 2008 to Sunday August 30th 2009, at 23:59 GMT. The results will be debriefed at CHES'09 in Lausanne, during the special session organized on Monday September 7th, from 16:45 to 18:00.

We inform the challengers and the observers that we have received many requests regarding a clarification of the traces' order. In a view not to change the rules in the middle of the contest but to take into account the relative merits of attacks that exploit or not a crafted traces sorting (i.e. chosen plaintext versus known plaintext attacks), we are thinking to divide the hall of fame into four categories: Representative order, meaning that the attack has been executed a large number of times and that score considered for the classification is the average number of traces for the key retrieval. The article Improving the Rules of the DPA Contest (IACR eprint # 2008/517), signed by François-Xavier STANDAERT, Philippe BULENS, Giacomo de MEULENAER and Nicolas VEYRAT-CHARVILLON, affiliated at the UCL, gives some indications about the way to be rated under this category. Chosen plaintext order, where the traces order is computed by an algorithm that is explicited in the attack source code. Fixed order, that models an attack at known albeit not chosen plaintext or ciphertext. The order is either that of the database without SQL SORT BY clause (preferred choice) or of the ZIP archive (secondary choice) or of the temporal acquisition (secondary choice). Custom order, left at the discretion of the attacker (of course, an explanation of the sorting strategy is preferred :-)). If you have any question or concern with this new way of presenting the DPA contest results, please feel free to contact us.

NEW!!! IMPORTANT ELIGIBILITY NOTICE

It has been decided that the winning attack will be the one that uses in average the less number of traces to statistically retrieve all the key bits. The motivation for this choice is to foster generic attacks, thus hopefully portable to other measurements, rather than ad hoc attacks, specific to this DPA contest edition. We are aware that some significant amount of work is required to port an attack submitted in category 2, 3 or 4 to category 1. Therefore,

• The organizers are going to provided clear guidelines and an example;
• We encourage every participant to switch as soon as possible to `category 1' attacks;
• For those participants who require technical assistance, the organizers will make their best to assist them in the porting task.

The authors of the best attack will be invited to present their strategy during the plenary special session of CHES devoted to the DPA contest.

The hall of fame is listed below or alternatively can be seen graphically in this figure:

1. Representative order

1. 141.42 traces for an average success rate, estimated with 100 attacks, using a "maximum likelihood method with a bivariate known model" based on a representative order, by Christophe CLAVIER, 3iL and Université de Limoges, (SVN revision 197, 2009 August 18th).
2. 145.06 traces for an average success rate, estimated with 100 attacks, using a "maximum likelihood method with a bivariate unknown model" based on a representative order, by Christophe CLAVIER, 3iL and Université de Limoges, (SVN revision 263, 2009 August 30th).
3. 152.42 traces for an average success rate, estimated with 100 attacks, using a "maximum likelihood method with a univariate unknown model" based on a representative order, by Christophe CLAVIER, 3iL and Université de Limoges, (SVN revision 263, 2009 August 30th).
4. 176.62 traces for a "BS-enhanced-CPA with sbox attack order determined on-the-fly" based on a representative order, by Victor LOMNE, LIRMM (SVN revision 258, 2009 August 30th).
5. 224 traces for an average success rate, estimated with 1000 attacks, using a "dual round attack by BS-CPA using improved model" based on a representative order, by Daisuke SUZUKI and Minoru SAEKI, Mitsubishi Electric Corporation, (SVN revision 241, 2009 August 28th).
6. 230.78 traces for an average success rate, estimated with 100 attacks, using a "stochastic model attack" based on a representative order, by Yongdae KIM, Tohoku university Aoki laboratory (SVN revision 235, 2009 August 28th).
7. 234.379 traces for an average success rate, estimated with 1000 attacks, using a "CPA with build-up technique", by Hideo SHIMIZU, Toshiba Corporation (SVN revision 201, 2009 August 20th).
8. 252.831 traces for an average success rate, estimated with 1000 attacks, using a "Correlation Power Analysis with Cooperative Optimization Post-processing (CPA-COP)" by Renaud PACALET, Institut TELECOM / TELECOM ParisTech, (SVN revision 261, 2009 August 30th).
9. 253.73 traces for an average success rate, estimated with 100 attacks, using an "alledged maximum likelihood method", based on Éric PEETERS et al "Improved Higher-Order Side-Channel Attacks with FPGA Experiments", CHES 2005, pp. 309-323, by Hideo SHIMIZU, Toshiba Corporation (SVN revision 234, 2009 August 28th).
10. 265.379 traces for an average success rate, estimated with 100 attacks, using a "Correlation Power Analysis with Cooperative Optimization Post-processing (CPA-COP)" by Renaud PACALET, Institut TELECOM / TELECOM ParisTech, (SVN revision 246, 2009 August 28th).
11. 166+100 traces for a success rate greater than 50%, estimated with 1000 attacks, using a "Correlation Power Analysis with Cooperative Optimization Post-processing (CPA-COP)" by Renaud PACALET, Institut TELECOM / TELECOM ParisTech, (SVN revision 188, 2009 August 17th: success rates).
12. 176+100 traces for an average success, estimated with 1000 attacks, using a "Dual round attack by BS-CPA using improved power model" by Daisuke SUZUKI and Minoru SAEKI, Mitsubishi Electric Corporation, (SVN revision 194, 2009 August 19th: success rates).
13. 367.025 traces for an average success rate, estimated with 200 attacks, using a "classical CPA considering the left side of the message register", by Antonio SOBREIRA and Dejan LAZICH, Institut für Kryptographie und Sicherheit, Universität Karlsruhe (TH) (SVN revision 257, 2009 August 30th).
14. 371.772 traces for an average success rate, estimated with 1000 attacks, using a "classical DPA", by Hideo SHIMIZU, Toshiba Corporation (SVN revision 201, 2009 August 20th).
15. 388.988 traces for an average success rate, estimated with 1000 attacks, using a "classical CPA", by Hideo SHIMIZU, Toshiba Corporation (SVN revision 201, 2009 August 20th).
16. 149.00 (to be confirmed) traces for an average success rate, estimated with 1000 attacks, using a "BS-CPA on 2-sboxes" based on a representative order, by Laurent SAUVAGE, Institut TELECOM / TELECOM ParisTech, (SVN revision 259, 2009 August 30th).
17. Please also feel free to refer to the example based on the python reference attacks in https://svn.comelec.enst.fr/dpacontest/code/ches09 (SVN revision 174, 2009 August 10th). This code has been submitted by Laurent SAUVAGE, Institut TELECOM / TELECOM ParisTech, member of the DPA contest organization team. It yields:
    • 485.354 traces for the "4-bit DPA on the first round, w/o pre-processing";
    • 530.454 traces for the "4-bit CPA on the first round, w/o pre-processing";
    • 1250.178 traces for the "1-bit DPA on the first round, w/o pre-processing";
    • 1435.463 traces for the "1-bit CPA on the first round, w/o pre-processing".

2. Chosen plaintext order

1. None so far...

3. Fixed order

1. 120 traces, using a "Dual round attack by BS-CPA using improved power model" with the database order, implemented by Daisuke SUZUKI and Minoru SAEKI, Mitsubishi Electric Corporation, (SVN revision 153, 2009 August 5th).
2. 134.67 traces, using a "maximum likelihood method with a bivariate known model" based on the acquisitions temporal order, by Christophe CLAVIER, 3iL and Université de Limoges, (SVN revision 197, 2009 August 18th).
3. 143 traces for a "BS-CPA using Pearson's correlation" (see attack description in article Build-in determined Sub-key Correlation Power Analysis, deposited on the IACR ePrint by Yuichi KOMANO, Hideo SHIMIZU and Shinichi KAWAMURA) with the database order, implemented by Hideo SHIMIZU, Toshiba Corporation (SVN revision 120, 2009 April 7th).
4. 203 traces for "stochastic attack" using the database order, implemented by Yongdae KIM, Tohoku university Aoki laboratory (SVN revision 218, 2009 August 24th).
5. 208 traces, using a "Build-in Determined Sub-key Composition Multi-DPA" (BS-CM DPA) with the database order, implemented by Jung HAE-IL, Korea University C.I.S.T (Center For Information Security Technologies), (SVN revision 222, 2009 August 25th).
6. 232 traces for an attack that "targets 2 sboxes at a time (12 key bits), using a sum of the correlation above a certain threshold as a criterion" using the ZIP archive file order, implemented by Eloi SANFELIX, Riscure (SVN revision 96, 2009 February 2nd).
7. 310 traces for a "enhancement of the CPA (from the work of Thanh-Ha LE & al.) on the 16th round of the DES selecting the good temporal window" using the database order, implemented by Victor LOMNE, LIRMM (SVN revision 93, 2009 January 30).
8. 322 traces for a "CPA on the 16th round of the DES selecting the good temporal window" using the database order, implemented by Victor LOMNE, LIRMM (SVN revision 93, 2009 January 30).
9. 327 traces for a "DPA DoM HW on the 16th round of the DES" using the database order, implemented by Victor LOMNE, LIRMM (SVN revision 93, 2009 January 30).
10. 360 traces for a "DPA DoM 4bits on the 16th round of the DES" using the database order, implemented by Victor LOMNE, LIRMM (SVN revision 93, 2009 January 30).
11. 462 traces for an attack that "sums all the correlation values that are above a certain noise threshold when selecting the best candidate" with the database order implemented by Eloi SANFELIX, Riscure (SVN revision 61, 2008 December 17).
12. 466 traces for a variant of the SVN r46 attack that "selects the right trace portion" with the database order implemented by Eloi SANFELIX, Riscure (SVN revision 61, 2008 December 17).
13. 482 traces for a variant of the SVN r25 attack that "selects the right trace portion" with the database order implemented by Eloi SANFELIX, Riscure (SVN revision 61, 2008 December 17).
14. 569 traces for the multi-bit CPA with fourth-order cumulant preprocessing implementation with the database order coded by Sylvain GUILLEY (SVN revision 46, 2008 October 15).
15. 584 traces for the multi-bit CPA implementation with the database order coded by Sylvain GUILLEY (SVN revision 25, 2008 August 26).
16. 866 traces for the multi-bit DPA implementation with the database order coded by Sylvain GUILLEY (SVN revision 20, 2008 August 25).
17. 2,766 traces for the reference implementation with the database order coded by Florent FLAMENT (SVN revision 6, 2008 August 11).

4. Custom order [notice]

1. 107 traces for an "advanced BS-CPA" using a statistically optimized order described in this file, implemented by Hideo SHIMIZU, Toshiba Corporation (SVN revision 146, 2009 August 3rd).
2. 112 traces for a "DPA DoM 4bits on the 16th round of the DES selecting the good temporal window" using a statistically optimized order described in this file, implemented by Victor LOMNE, LIRMM (SVN revision 140, 2009 May 17th).
3. 116 traces for a "CPA enhancement (from the work of Thanh-La Le & al.) on the 16th round of the DES selecting the good temporal window" using a statistically optimized order described in this file, implemented by Victor LOMNE, LIRMM (SVN revision 140, 2009 May 17th).
4. 119 traces for a "BS-CPA using Pearson's correlation" (see the complete attack description in article Build-in determined Sub-key Correlation Power Analysis, deposited on the IACR ePrint by Yuichi KOMANO, Hideo SHIMIZU and Shinichi KAWAMURA) with the same order file as SVN r99, implemented by Hideo SHIMIZU, Toshiba Corporation (SVN revision 120, 2009 April 7th).
5. 128 traces for "CPA with chosen order" implemented by Yongdae KIM, Tohoku university Aoki laboratory (SVN revision 218, 2009 August 24th).
6. 135 traces for a "CPA using Pearson's correlation" with a special file order, implemented by Yongdae KIM, Tohoku university Aoki laboratory (SVN revision 99, 2009 March 3rd).
7. 329 traces for a Difference of Means on the last round using the same order file as SVN r85, implemented by Benedikt GIERLICHS, KUL (SVN revision 89, 2009 January 24).
8. 358 traces for an attack that "exploits the HW(L15 xor L16) (last round) DPA selection function" with a custom order implemented by Victor LOMNE, LIRMM (SVN revision 65, 2008 December 18).
9. 382 traces for a 4-bit DPA with a "t-test" on the last round using a custom order file, implemented by Benedikt GIERLICHS, KUL (SVN revision 85, 2009 January 23).
10. 412 traces for an attack that "exploits the HW(L15 xor L16) (last round) CPA selection function" with a custom order implemented by Victor LOMNE, LIRMM (SVN revision 65, 2008 December 18).

State-of-the-Art of Side-Channel Attacks Enhancements

Some ameliorations over the historical DPA are already known:

• 1999: publication by Paul KOCHER et al., "Differential Power Analysis".
• 1999: Multi-bit DPA, by Thomas S. MESSERGES et al., "Investigations of Power Analysis Attacks on Smartcards".
• 1999: IPA, by Paul N. FAHN and Peter K. PEARSON, "IPA: A New Class of Power Attacks".
• 2000: theoretical framework of DPA, by Jean-Sébastien CORON et al., "Statistics and Secret Leakage".
• 2000: first hints about the relevance of the ``Hamming distance'' leakage model in DPA, as raised by Christophe CLAVIER, Jean-Sébastien CORON and Nora DABBOUS, "Differential Power Analysis in the Presence of Hardware Countermeasures".
• 2003: SDPA, by Roman NOVAK, "Sign-Based Differential Power Analysis".
• 2004: CPA, by Éric BRIER et al., "Correlation Power Analysis with a Leakage Model".
• 2006: PPA, by Thanh-Ha LE et al., "A Proposition for Correlation Power Analysis Enhancement".
• 2007: CPA on 32-bit processors or FPGAs, by Michael TUNSTALL et al., "Correlation Power Analysis of Large Word Sizes".
• 2007: GCPA, by Sébastien AUMONIER, "Generalized Correlation Power Analysis".
• 2008: PPA demonstration and experimental evidences, by Thanh-Ha LE et al., "An overview of side channel analysis attacks".
• 2008: MIA principle, by Benedikt GIERLICHS et al., "Mutual Information Analysis".
• 2008: "Some Formal Solutions in Side-channel Cryptanalysis - An Introduction", by Fabrice J.P.R. PAUTOT, in the Cryptology ePrint Archive, Report 2008/508.

Besides, some noteworthy efforts towards a theorization of side-channel attacks evaluation are carried out in those works:

• 2006: "A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks", by François-Xavier STANDAERT, Tal G. MALKIN and Moti YUNG, in the Cryptology ePrint Archive, Report 2006/139. To be presented at Eurocrypt'09. This work has been extended into a comprehensive compilation of scientific articles, presented on the TSCA (Theoretical models for Side-Channel Attacks) webpage: http://www.dice.ucl.ac.be/~fstandae/tsca/.
• 2008: "Partition vs. Comparison Side-Channel Distinguishers – An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices", by François-Xavier STANDAERT, Benedikt GIERLICHS and Ingrid VERBAUWHEDE, in "Information Security and Cryptology" – ICISC 2008: 11th International Conference, LNCS, Seoul, Korea.
• 2008: "How (not) to compare Side-Channel Distinguishers", by Benedikt GIERLICHS and Ingrid VERBAUWHEDE, in "PASTIS" (presentation slides) 2008, December 2-3, Gardanne, France.

/ Twitter account: DPAContest / Announcement mailing list