Tools
SASEBO-GII Hardware Resources
The MCS files for the two FPGAs of the SASEBO-GII board (one for the control FPGA and one for the cryptographic FPGA) are available from the AIST webpage. The Verilog source code of the design of the control FPGA is also available.
Waveform Acquisition Software
Waveform acquisition software for Windows is available from the AIST webpage. This software controls the AES engine on the SASEBO-GII board and the oscilloscope to acquire traces.
Specification of the communication protocol with the SASEBO board
To communicate with the SASEBO board, you can use either the acquisition software above, or design your own communication software. To do this, you can find the description of the communication protocol with the board below.
To communicate with a PC, the SASEBO-GII board embeds an FTDI FT2232D chip. This chip offers two communication channels, A and B. Only channel B is connected to the control FPGA, so this is the channel to use. When the board is plugged in, two communication ports appear on the PC (you do not need a driver if you use Linux, but you need the VCP drivers if you use Windows).
Under Linux, the channel A is accessible with the /dev/ttyUSBi device (e.g. /dev/ttyUSB0) and the channel B is accessible with the /dev/ttyUSB(i+1) device (e.g. /dev/ttyUSB1). You can verify the exact device numbers using the command dmesg.
Under Windows, if you use the VCP driver, the channel A is accessible with the COMi port (e.g. COM5) and the channel B is accessible with the COM(i+1) port (e.g. COM6).
The standard design we provide understands two basic commands: read and write.
Read command
From PC to board:
Read command | Address (16 bits) | Address (16 bits) |
---|---|---|
8 bits | 8 bits | 8 bits |
0x00 | MSB | LSB |
From board to PC:
Data read (16 bits) | Data read (16 bits) |
---|---|
8 bits | 8 bits |
MSB | LSB |
Write command
From PC to board:
Write command | Address (16 bits) | Address (16 bits) | Data written (16 bits) | Data written (16 bits) |
---|---|---|---|---|
8 bits | 8 bits | 8 bits | 8 bits | 8 bits |
0x01 | MSB | LSB | MSB | LSB |
Organization of the memory space
With the two commands described above, you can read and write data to the memory space of the SoC.
Address | Description |
---|---|
0x0002 | Status and control: Writing 0x0001 triggers the cryptographic operation. Writing 0x0004 and then 0x0000 resets the selected IP. Reads 0x0000 when the IP is idle (when an operation is done). |
0x0004 | IP selection: 32 bits indicating the number of the IP to select (16 least significant bits at address 0x0004 and 16 most significant bits at address 0x0006). The ID of the AES IP module is 0x00000001. |
0x0008 | IP output selection: 32 bits indicating the number of the IP to select (16 least significant bits at address 0x0008 and 16 most significant bits at address 0x000A). The ID of the AES IP module is 0x00000001. |
0x000C | Mode: 0x0000 for encryption, 0x0001 for decryption |
0x0100 | Key: The key used by the cryptographic IP is located here. Do not overwrite this location if you want to use the default key (which has to be used in the DPA contest v3) |
0x0140 | Input text: The input message (i.e. the cleartext for encryption operation or the ciphertext for decryption operation) |
0x0180 | Output text: The output of the cryptographic module is stored here (i.e. the ciphertext for encryption operation and the plaintext for decryption operation) |
Some examples are described below for common operations.
Initialization
To initialize the board and select the correct IP module:
- Write 0x0001 at address 0x0004
- Write 0x0000 at address 0x0006
- Write 0x0004 at address 0x0002
- Write 0x0000 at address 0x0002
- Write 0x0001 at address 0x0008
- Write 0x0000 at address 0x000A
- Write 0x0002 at address 0x0002
- Read at address 0x0002 until the read value is equal to 0x0000
Encrypt data
To encrypt a 16-byte (128-bit) message (P0...P15):
- Write 0x0000 at address 0x000C
- Write {P0,P1} at address 0x0140
- Write {P2,P3} at address 0x0142
- Write {P4,P5} at address 0x0144
- Write {P6,P7} at address 0x0146
- Write {P8,P9} at address 0x0148
- Write {P10,P11} at address 0x014A
- Write {P12,P13} at address 0x014C
- Write {P14,P15} at address 0x014E
- Write 0x0001 at address 0x0002
- Read at address 0x0002 until the read value is equal to 0x0000
- Read {C0,C1} at address 0x0180
- Read {C2,C3} at address 0x0182
- Read {C4,C5} at address 0x0184
- Read {C6,C7} at address 0x0186
- Read {C8,C9} at address 0x0188
- Read {C10,C11} at address 0x018A
- Read {C12,C13} at address 0x018C
- Read {C14,C15} at address 0x018E
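The read and write frames and the initialization and encryption sequences above, as an added Python example (not code from AIST or the contest organizers). FakeBoard is a constructed stand-in for the serial port on channel B whose "cipher" is a plain XOR; the byte order of {P0,P1} (P0 in the high byte) and the poll limit are assumptions.

```python
import struct

REG_CTRL, REG_MODE, MEM_IN, MEM_OUT = 0x0002, 0x000C, 0x0140, 0x0180
INIT_WRITES = [(0x0004, 0x0001), (0x0006, 0x0000), (0x0002, 0x0004), (0x0002, 0x0000),
               (0x0008, 0x0001), (0x000A, 0x0000), (0x0002, 0x0002)]

class Sasebo:  # `port` needs write(bytes) and read(n), like a serial port object
    def __init__(self, port, max_polls=1000):
        self.port, self.max_polls = port, max_polls
    def write(self, addr, value):            # frame: 0x01, address MSB/LSB, data MSB/LSB
        self.port.write(struct.pack(">BHH", 0x01, addr, value))
    def read(self, addr):                    # frame: 0x00, address MSB/LSB; reply: MSB, LSB
        self.port.write(struct.pack(">BH", 0x00, addr))
        reply = self.port.read(2)
        if len(reply) != 2:
            raise IOError("short reply from board")
        return struct.unpack(">H", reply)[0]
    def wait_idle(self):                     # bounded form of "read until 0x0000"
        if not any(self.read(REG_CTRL) == 0x0000 for _ in range(self.max_polls)):
            raise TimeoutError("IP did not return to idle")
    def init(self):
        for addr, value in INIT_WRITES:
            self.write(addr, value)
        self.wait_idle()
    def encrypt(self, plaintext):
        if len(plaintext) != 16:
            raise ValueError("plaintext must be 16 bytes")
        self.write(REG_MODE, 0x0000)
        for i in range(0, 16, 2):            # assumption: {P0,P1} puts P0 in the high byte
            self.write(MEM_IN + i, plaintext[i] << 8 | plaintext[i + 1])
        self.write(REG_CTRL, 0x0001)
        self.wait_idle()
        return b"".join(struct.pack(">H", self.read(MEM_OUT + i)) for i in range(0, 16, 2))

class FakeBoard:  # constructed stand-in for the port; its "cipher" is XOR 0xFF, not AES
    def __init__(self):
        self.mem, self.rx, self.frames = {}, [], []
    def write(self, frame):
        self.frames.append(frame.hex())
        if frame[0] == 0x00:                 # read command: queue the 16-bit reply
            addr = struct.unpack(">H", frame[1:3])[0]
            self.rx.append(struct.pack(">H", self.mem.get(addr, 0)))
            return
        addr, value = struct.unpack(">HH", frame[1:5])
        self.mem[addr] = 0 if addr == REG_CTRL else value   # commands finish at once
        if (addr, value) == (REG_CTRL, 0x0001):
            self.mem.update({MEM_OUT + i: self.mem.get(MEM_IN + i, 0) ^ 0xFFFF for i in range(0, 16, 2)})
    def read(self, n):
        return self.rx.pop(0)[:n] if self.rx else b""
```

With real hardware, any object exposing write(bytes) and read(n), such as an opened serial port on channel B, takes the place of FakeBoard.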
Specification of the trace archive to be sent
This section describes the format that your traces should respect before sending them for evaluation. If you use the acquisition software available above, you do not have to worry about these details as this software produces the traces using the correct format (just check the allowed archive formats). However, if you use your own software to perform the acquisition, you should read this section to properly prepare the traces before sending them.
You will be asked to submit two files: one archive containing the traces and one archive containing the description of your platform.
The first archive shall contain at least 4 files: info.xml, text_in.txt, text_out.txt and wave.txt. The archive itself shall be either a ZIP, a 7Z, a TAR.GZ or a TAR.BZ2 archive. Other formats (such as RAR) are not allowed.
Each line of the 3 text files (text_in.txt, text_out.txt and wave.txt) describes an acquisition. So if you have acquired 2,000 traces, these 3 files will have 2,000 lines each.
- text_in.txt: Each line of this file contains the human-readable hexadecimal representation of a plaintext (line number i contains the plaintext used for the acquisition of trace number i). As the plaintext is 128 bits long, each line contains 32 hexadecimal digits (ASCII characters 0-9 A-F). Each byte (group of 2 digits) is separated by a space. Example: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
- text_out.txt: Each line of this file contains the human-readable hexadecimal representation of a ciphertext (line number i contains the ciphertext produced during the acquisition of trace number i). As the ciphertext is 128 bits long, each line contains 32 hexadecimal digits (ASCII characters 0-9 A-F). Each byte (group of 2 digits) is separated by a space. Example: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
- wave.txt: Each line of this file contains the samples (encoded in a human-readable representation) of a trace (line number i contains the samples of trace number i, which corresponds to the encryption of the plaintext on line number i of the file text_in.txt and the ciphertext on line number i of the file text_out.txt). Each sample is separated by a space. The preferred way to encode samples is using integers (such as 123 or -654). However, we also accept common textual floating-point representations (e.g. 12.34 or 45e-3). Each line should contain the same number of samples.
- info.xml: This file contains metadata about the acquisitions. You can find below an example of this file. Just replace the values in bold with the appropriate values.
<?xml version="1.0" encoding="utf-8"?>
<WaveformInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Date>2010/01/01 00:00:00</Date>
  <Operator>aist@AIST</Operator>
  <WaveType>PowerTrace</WaveType>
  <WaveFormat>System.Single[]</WaveFormat>
  <Instrument>Unknown</Instrument>
  <Module>Unknown</Module>
  <Cipher>Unknown</Cipher>
  <KeyLength>128</KeyLength>
  <TextWidth>128</TextWidth>
  <NumTrace>2000</NumTrace>
  <NumPoint>12000</NumPoint>
</WaveformInfo>
In the field Date, put the date of the acquisition, in WaveType the type of wave (PowerTrace, EMTrace...), in Instrument the model of the scope you have used, in NumTrace the number of traces you send (i.e. the number of lines in each text file) and in NumPoint the number of samples in each trace (i.e. the number of samples on each line of the file wave.txt).
The name of this final archive should be of the form YYYY_MM_DD_name_traces.zip where name is either your name or the name of your team and YYYY_MM_DD is the date of the submission (e.g. 2012_01_01) (replace .zip with the appropriate file extension if you use another allowed archive format). The maximum allowed size for the archive is 100 MBytes.
An example of a correct archive file is available on the AIST webpage.
The second archive (the one containing the description of your acquisition platform) shall be named YYYY_MM_DD_name_description.zip, and must contain at least one PDF document with the description of the platform (probes, scope, post-treatments, etc.).
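A pre-submission check of the trace archive rules in this section, as an added Python example (not part of the AIST acquisition software). The function name, the error messages and the lowercase archive extensions are assumptions, and INFO and HEX are constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

HEX_LINE = re.compile(r"[0-9A-F]{2}( [0-9A-F]{2}){15}")           # 16 bytes, single spaces
SAMPLE = re.compile(r"[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?")   # 123, -654, 12.34, 45e-3
ARCHIVE = re.compile(r"\d{4}_\d{2}_\d{2}_.+_traces\.(zip|7z|tar\.gz|tar\.bz2)")

def check_submission(archive_name, info_xml, text_in, text_out, wave):
    """Return a list of format problems; the four file bodies are passed as strings."""
    errors = []
    if not ARCHIVE.fullmatch(archive_name):
        errors.append(f"archive name {archive_name!r} is not YYYY_MM_DD_name_traces.<ext>")
    root = ET.fromstring(info_xml)
    try:
        num_trace, num_point = (int(root.findtext(t)) for t in ("NumTrace", "NumPoint"))
    except (TypeError, ValueError):
        return errors + ["info.xml: NumTrace or NumPoint missing or not an integer"]
    rows = {"text_in.txt": text_in.splitlines(), "text_out.txt": text_out.splitlines(),
            "wave.txt": wave.splitlines()}
    for name, lines in rows.items():          # one line per acquisition in every file
        if len(lines) != num_trace:
            errors.append(f"{name}: {len(lines)} lines but NumTrace is {num_trace}")
    for name in ("text_in.txt", "text_out.txt"):
        for n, line in enumerate(rows[name], 1):
            if not HEX_LINE.fullmatch(line):
                errors.append(f"{name}:{n}: expected 16 space-separated hex bytes")
    for n, line in enumerate(rows["wave.txt"], 1):
        samples = line.split(" ")
        if not all(SAMPLE.fullmatch(s) for s in samples):
            errors.append(f"wave.txt:{n}: sample is not an integer or float")
        elif len(samples) != num_point:
            errors.append(f"wave.txt:{n}: {len(samples)} samples but NumPoint is {num_point}")
    return errors

# Constructed sample: two traces of four samples each
INFO = ('<?xml version="1.0" encoding="utf-8"?><WaveformInfo>'
        "<NumTrace>2</NumTrace><NumPoint>4</NumPoint></WaveformInfo>")
HEX = "00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF\n" * 2
GOOD = check_submission("2012_01_01_team_traces.zip", INFO, HEX, HEX,
                        "1 -2 3 4\n5 6 7.5 45e-3\n")
```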