Documentation

AES design

The AES design used for the acquisitions is the design from AIST and Tohoku University available with the SASEBO GII board. It is available for download from the Download page.

The AES module performs one round of AES per clock cycle.

Trace format

The format of the traces is described in the Tables page.

Reference attack

A reference attack can be downloaded from the Download page.

Technical requirements for attack programs (for Unix, Linux and Mac OS X only)

Introduction

The attack programs provided by participants will be launched by a small program (called the attack wrapper) which is in charge to provide traces to the attack program and to collect the results of the attack.

The attack program must be able to run on a x86_64 or a x86 machine running Linux (Debian stable (Lenny)). Attack programs are submitted as source code and binaries (source code only is possible if necessary, we can compile them). The communication protocol between the attack program and the wrapper is detailed below.

The traces on which the attack must be performed are provided directly by the wrapper because they come from the private database which is not publicly accessible.

The attack program communicates with the wrapper using the standard input (stdin, corresponding to the file descriptor number 0, to retrieve data from the wrapper) and the standard output (stdout, corresponding to the file descriptor number 1, to send data to the wrapper). The attack program can also display debug or information by writing to the standard error output (stderr, corresponding to the file descriptor number 2).

The wrapper is available for download on the Download page. When the wrapper is run outside of our lab, it retrieves traces for the attack, not from the private base but from the public base to allow participants to test and debug their attacks.

When the attack program is launched, it first needs to read two bytes from its standard input. These two bytes represent an unsigned little-endian 16-bit integer representing the number of traces that will be sent by the wrapper to the attack program during its execution. After this number of traces is reached, the attack program can exit normally.

When it is ready to perform the attack against traces, it sends the following sequence on its standard output: \n.\n (a line feed character followed by a dot followed by a line feed character, i.e. the sequence 0A 2E 0A in hexadecimal). This allows the attack program to send license information for instance on its standard output at launch without disturbing the communication between the wrapper.

Then the attack program reads on its standard input the first trace to attack. The trace format is described below. When the attack program has finished to process the trace, it sends the result matrix to the wrapper by writing it to its standard output. Then it reads a new trace from its standard input and write the next result matrix to its standard output. When the number of traces to be processed has been reached, the attack program can terminate.

Format of data representing a trace sent by the wrapper to the attack program's standard input:


struct attack_trace

{

   uint8_t plaintext[16];

   uint8_t ciphertext[16];

   int16_t samples[3253];

};

The first 16 bytes read from the standard input are the plaintext, the next 16 bytes are the ciphertext and the last 6506 bytes are the trace (represented using the same format as described in the Tables page).

Format of the data representing the result matrix sent by the attack program on its standard output:


struct attack_partial_result

{

   uint8_t subkey_num;

   uint8_t bytes[16][256];

};

The first byte to write is the AES subkey number that is attacked (from 0 for the key used in the first initial AddRoundKey, to 10 for the key used in the AddRoundKey in the 10th round). The next 256 bytes to write to the standard output are the 256 candidates for the first byte of the key sorted according to their likelihood (the first is the most likely value and the 256th is the less likely value). The next 256 bytes are the 256 candidates for the second byte of the key, etc. up to the 16th byte of the key.