Introduction
The ``DPA Contest'' is organised by the VLSI research group from the COMELEC department of the Télécom ParisTech french University. It has been officially opened at the occasion of the CHES'08 conference (Sunday 10th to Wednesday 13rd August 2008). Some power consumption traces have been made available, in order to allow the hardware security community to check their attack algorithms against large amounts of freely available traces.The goal of this initiative is to make it possible for researchers to compare in an objective manner their different attack algorithms. As this was impossible yesterday, because traces made by different laboratories are too different (acquisition platform sensitivity, cryptographic algorithm implementation, board's noise, ...), the dpacontest.telecom-paris.fr is an initiative towards an international benchmarking reference. Also, we expect significant advances or even breakthroughs to be stimulated by this peer-reviewed contest.
Contest Context
As the field of the hardware security is very large (refer for instance to this document from the Common Criteria), we will focus this contest on a specific class of attacks, made on a unique cryptographic algorithm and for a unique implementation:- The class of attacks we consider is Differential Power Analysis like attacks (SPA, DPA, CPA, MIA, and any variant). Since the acquisitions are realized with a fixed key, there is no easy way to train the algorithm prior the attack, making so-called `template attacks' not realizable (at least not trivially).
- Regarding the selected cryptographic algorithm, we stick on the good old Data Encryption Standard, because despite its venerable age, it is the most systematically studied encryption algorithm. It is also somehow representative of the so-called Feistel networks. The AES, belonging to the sibling class known as SPN, will be studied next year.
- The architecture of the DES co-processor is a straightforward parallel execution, scheduled at one round per clock period. It is described into great details in this publication in Integration, the VLSI Journal from Elsevier.
Acquisition Platform
The traces have been measured by an home-made acquisition platform, described extensively in Appendix A of the PhD thesis of Sylvain GUILLEY. This acquisition platform belongs to TELECOM ParisTech.
Other publicly described side-channel acquisition platforms are listed below:
- Side-channel Attack Standard Evaluation Board (SASEBO) by the Japan AIST / RCIS.
- DPA Workstation of Cryptographic Research Incorporated (CRI): Commercial description.
- Inspector by riscure.
Disclaimer: the data and code provided by dpacontest.telecom-paris.fr apply to the evaluation of academic, unprotected and whitebox cryptographic implementations. The goal of this contest is definitely not to encourage piracy on whatsoever commercial hardware; instead, it aims at enhancing the state-of-the-art of ``hardware security'' against observation attacks. This approach has proven to be efficient in cryptography: the AES, the SHA-3 or the eSTREAM contests are emblematic in this respect. We wish to apply this model at the hardware level. The advances in this field also help prepare the security challenges to be met with the advent of forthcoming nano-technologies.
Latest news:
- A preliminary debriefing of the dpacontest.telecom-paris.fr will be presented during Crypto'Puces, that will take place from June 2nd to June 6th 2009 on Porquerolles Island, and during CryptArchi, that will take place from June 24th to 27th 2009 at Prague.
Organizers and sponsors:
 |
 |