Hall of fame
The results of the evaluation of the submitted attacks on the private database will be published on this page.
Participants
- November 19, 2014: Anonymous (2 attacks)
- January 27, 2015: Liu Junrong, Guo Zheng, Zhang Chi, Xu Sen, Wang Weijia, Bao Sigang (SJTU-SHHIC Co-Lab of Data Security and Protection, Shanghai Jiao Tong University), China
- January 29, 2015:
Tsunato Nakai, Daiki Tsutsumi, Mitsuru Shiozaki, Takaya Kubota,
Takeshi Fujino (Ritsumeikan University), Japan
Evaluation status: Strange results, waiting for the response of authors - March 12, 2015: Li Yang, Wang Weiqi, Zhang Chi (Shanghai Fudan Microeletronics Group Company Limited), China
- July 19, 2015: Zdeněk Martinásek (Faculty of Electrical Engineering and Communication, Brno University of Technology), Czech Republic
- August 22, 2015:
Anonymous
Evaluation status: Strange results, waiting for the response of authors - September 1, 2015: Hideo Shimizu (Toshiba Corporation Corporate Research & Development Center), Japan
- October 1, 2015: Zeyi Liu, Neng Gao, Chenyang Tu, Zongbin Liu, Jun Yuan, Yuan Zhao (Data Assurance and Communication Security Research Center, Chinese Academy of Sciences), China
- October 1, 2015: Zeyi Liu, Zongbin Liu, Neng Gao, Chenyang Tu, Yuan Ma, Jun Yuan (Data Assurance and Communication Security Research Center, Chinese Academy of Sciences), China
- October 1, 2015: Zeyi Liu, Neng Gao, Chenyang Tu, Zongbin Liu, Yuan Zhao, Yuan Ma (Data Assurance and Communication Security Research Center, Chinese Academy of Sciences), China
- October 29, 2015:
Zdeněk Martinásek
(Faculty of Electrical Engineering and Communication, Brno
University of Technology), Czech Republic
Evaluation status: Strange results, waiting for the response of authors - January 21, 2016: Yuan Jun, Neng Gao, Chenyang Tu, Zeyi Liu, Zongbin Liu, Yuan Zhao (Data Assurance and Communication Security Research Center, Chinese Academy of Sciences), China
- January 25, 2016: Anonymous
- February 11, 2016: Zeyi Liu, Chenyang Tu, Zongbin liu, Jun Yuan, Yuan Ma, Weijuan Zhang, Xiaona Zhang, Neng Gao, Yuan Zhao, Jia Zhuang (Data Assurance and Communication Security Research Center, Chinese Academy of Sciences), China (3 attacks)
- March 1, 2016: Jiehui Tang, Hailong Zhang, Chao Zheng, Yongbin Zhou (State Key Laboratory of Information Security, Chinese Academy of Sciences), China
- June 24, 2016: Mélissa Rossi (Thales), France
- July 29, 2016: Zeyi Liu, Neng Gao, Zongbin Liu, Chenyang Tu, Jun Yuan, Min Li (Data Assurance and Communication Security Research Center, Chinese Academy of Sciences), China
- August 09, 2016: Dai Tian, Sun Xibo, Zhang Chi, Wang Lihui, Shan Weijun (Shanghai Fudan Microeletronics Group Company Limited), China
- August 14, 2016: Chi Zhang, Xibo Sun, Tian Dai, Lihui Wang and Weijun Shan (Shanghai Fudan Microeletronics Group Company Limited), China
- September 30, 2016: Dai Tian, Sun Xibo, Zhang Chi, Wang Lihui and Shan Weijun (Shanghai Fudan Microeletronics Group Company Limited), China
- January 18, 2017: Wei Cheng, Yuchen Cao, Yongbin Zhou, Chao Zheng, Hailong Zhang, Wei Yang (State Key Laboratory of Information Security, Chinese Academy of Sciences), China
Results
Old traces (October 2014)
| Participant | Submission date | GSR > 80% | Min PSR > 80% | Max PGE < 10 | GSR stable > 80% | Min PSR stable > 80% | Max PGE stable < 10 | GSR @1000 | Min PSR @1000 | Max PSR @1000 | Min PGE @1000 | Max PGE @1000 | Time/Trace (ms) | Attack type | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Anonymous (CPA) Evaluated using 16 keys from the old database |
19/11/2014 | 46 | 32 | 26 | 54 | 44 | 26 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 700 ms | Profiled attack | Evaluation report (PDF) Description below |
| Anonymous (TA) Evaluated using 16 keys from the old database |
19/11/2014 | 18 | 12 | 7 | 18 | 12 | 7 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 1800 ms | Template attack | Evaluation report (PDF) Description below |
| Liu
Junrong, Guo Zheng, Zhang Chi, Xu Sen, Wang Weijia, Bao Sigang SJTU-SHHIC Co-Lab of Data Security and Protection, Shanghai Jiao Tong University, China Evaluated using 16 keys from the old database |
27/01/2015 | 15 | 11 | 10 | 15 | 11 | 10 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 50 ms | Template attack | Evaluation report (PDF) Description below |
| Li Yang, Wang Weiqi, Zhang Chi Shanghai Fudan Microeletronics Group Company Limited, China Evaluated using 16 keys from the old database |
12/03/2015 | 5 | 4 | 3 | 5 | 4 | 3 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 650 ms | Template attack | Evaluation report (PDF) Description below |
New traces (July 2015)
| Participant | Submission date | GSR > 80% | Min PSR > 80% | Max PGE < 10 | GSR stable > 80% | Min PSR stable > 80% | Max PGE stable < 10 | GSR @1000 | Min PSR @1000 | Max PSR @1000 | Min PGE @1000 | Max PGE @1000 | Time/Trace (ms) | Attack type | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zdeněk Martinásek Faculty of Electrical Engineering and Communication, Brno University of Technology, Czech Republic Evaluated using 16 keys from the new database |
19/07/2015 | 104 | 99 | 107 | 119 | 119 | 107 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 2,300 ms | Template attack | Evaluation report (PDF) Description below |
| Hideo Shimizu Toshiba Corporation Corporate Research & Development Center, Japan Evaluated using 16 keys from the new database |
01/09/2015 | 21 | 10 | 1 | 21 | 10 | 1 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 160 ms | Template attack | Evaluation report (PDF) Description below |
| Zeyi Liu, Neng Gao, Chenyang
Tu, Zongbin Liu, Jun Yuan, Yuan Zhao Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Attack 2nd-CPA Evaluated using 16 keys from the new database |
01/10/2015 | 257 | 225 | 205 | 257 | 249 | 210 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 50 ms | Evaluation report (PDF) | |
| Zeyi Liu, Zongbin Liu, Neng
Gao, Chenyang Tu, Yuan Ma, Jun Yuan Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Attack TA-CPA Evaluated using 16 keys from the new database |
01/10/2015 | 11 | 11 | 8 | 11 | 11 | 8 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 200 ms | Template attack | Evaluation report (PDF) |
| Zeyi Liu, Neng Gao, Chenyang
Tu, Zongbin Liu, Yuan Zhao, Yuan Ma Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Attack TA Evaluated using 16 keys from the new database |
01/10/2015 | 4 | 4 | 2 | 4 | 4 | 2 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 100 ms | Template attack | Evaluation report (PDF) |
| Yuan
Jun, Neng Gao, Chenyang Tu, Zeyi Liu, Zongbin Liu, Yuan Zhao Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Evaluated using 16 keys from the new database |
21/01/2016 | 1 | 1 | 1 | 1 | 1 | 1 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | Template attack | ||
| Anonymous Evaluated using 16 keys from the new database |
25/01/2016 | 1 | 1 | 1 | 1 | 1 | 1 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 250 ms | Template attack | Evaluation report (PDF) |
| Zeyi Liu, Chenyang Tu, Zongbin liu, Jun Yuan Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Attack P2 Evaluated using 16 keys from the new database |
11/02/2016 | 698 | 682 | 640 | 698 | 682 | 640 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 100 ms | Non profiling | Evaluation report (PDF) |
| Zeyi Liu, Yuan Ma, Weijuan Zhang, Xiaona Zhang Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Attack P3 Evaluated using 16 keys from the new database |
11/02/2016 | 258 | 242 | 210 | 258 | 242 | 210 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 100 ms | Non profiling | Evaluation report (PDF) |
| Zeyi Liu, Neng Gao, Yuan Zhao, Jia Zhuang Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China Attack P4 Evaluated using 16 keys from the new database |
11/02/2016 | 565 | 556 | 644 | 565 | 556 | 726 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 100 ms | Non profiling | Evaluation report (PDF) |
| Jiehui Tang, Hailong Zhang, Chao Zheng, Yongbin Zhou State Key Laboratory of Information Security, Chinese Academy of Sciences, China Attack CPA-II Evaluated using 16 keys from the new database |
01/03/2016 | 173 | 168 | 190 | 173 | 168 | 190 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 3,500 ms | Non profiling | Evaluation report (PDF) |
| Mélissa Rossi Thales, France Evaluated using 16 keys from the new database |
12/07/2016 | 188 | 188 | 206 | 188 | 188 | 206 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 1,000 ms | Non profiling | Evaluation report (PDF) |
| Zeyi Liu, Neng Gao, Zongbin
Liu, Chenyang Tu, Jun Yuan, Min Li Data Assurance and Communication Security Research Center, CAS, China Evaluated using 16 keys from the new database |
29/07/2016 | 14 | 14 | 13 | 14 | 14 | 13 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 60 ms | Non profiling | Evaluation report (PDF) |
| Dai Tian, Sun Xibo, Zhang Chi, Wang Lihui, Shan Weijun Shanghai Fudan Microeletronics Group Company Limited, China Evaluated using 16 keys from the new database |
09/08/2016 | 3 | 2 | 1 | 3 | 2 | 1 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 2,900 ms | Template attack | Evaluation report (PDF) |
| Chi Zhang, Xibo Sun, Tian Dai, Lihui Wang and Weijun Shan Shanghai Fudan Microeletronics Group Company Limited, China Evaluated using 16 keys from the new database |
14/08/2016 | 349 | 256 | 188 | 416 | 296 | 214 | 0.94 | 0.94 | 1.00 | 1.00 | 1.81 | 80 ms | Non profiling | Evaluation report (PDF) Source code (ZIP) |
| Dai Tian, Sun Xibo, Zhang Chi, Wang Lihui and Shan Weijun Shanghai Fudan Microeletronics Group Company Limited, China Evaluated using 16 keys from the new database |
30/09/2016 | 2 | 2 | 1 | 2 | 2 | 1 | 1.004 | 1.00 | 1.00 | 1.00 | 1.00 | 11,250 ms | Profiling | Evaluation report (PDF) |
| Wei Cheng, Yuchen Cao, Yongbin
Zhou, Chao Zheng, Hailong Zhang, Wei Yang State Key Laboratory of Information Security, Chinese Academy of Sciences, China Evaluated using 16 keys from the new database |
18/01/2017 | 1 | 1 | 1 | 1 | 1 | 1 | 1.00 | 1.00 | 1.00 | 1.00 | 1.00 | 750 ms | Profiling | Evaluation report (PDF) |
Key
- GSR > 80%: Number of traces for the Global Success Rate to be above 80% (F: the attack failed to reach this rate with 1,000 traces)
- Min PSR > 80%: Number of traces for the minimum Partial Success Rate to be above 80% (F: the attack failed to reach this rate with 1,000 traces)
- Max PGE < 10: Number of traces for the maximum Partial Guessing Entropy to be below 10
- Key found (stable): Number of traces needed to find the correct key for good
- GSR stable > 80%: Number of traces for the Global Success Rate to be stable above 80% (F: the attack failed to reach this rate with 1,000 traces)
- Min PSR stable > 80%: Number of traces for the minimum Partial Success Rate to be stable above 80% (F: the attack failed to reach this rate with 1,000 traces)
- Max PGE stable < 10: Number of traces for the maximum Partial Guessing Entropy to be stable below 10
- GSR @1000: Global Success Rate after 1,000 traces
- Min PSR @1000: Minimum Partial Success Rate after 1,000 traces
- Max PSR @1000: Maximum Partial Success Rate after 1,000 traces
- Min PGE @1000: Minimum Partial Guessing Entropy after 1,000 traces
- Max PGE @1000: Maximum Partial Guessing Entropy after 1,000 traces
- Time/Trace: Mean time per trace. All the evaluations are performed on an Intel Xeon CPU E7-8837 at 2.67 GHz with 256 GB of RAM.
Description of the attacks by their authors
Anonymous CPA (November 19, 2014)
The proposed attack CPA-I belongs to a kind of CPA. Basically, CPA-I attack consists of two consecutive steps:
- guessing the random offset vector and random shuffle0 used in one trace with the help of preprocessing data;
- mounting a traditional CPA against the output of the subkey in the first round of encryption.
Anonymous TA (November 19, 2014)
The proposed attack TA-I belongs to a kind of template attack. Basically, TA-I attack consists of two consecutive steps:
- guessing the random offset vector and random shuffle0 used in one trace with the help of preprocessing data;
- a template matrix is used to reveal the subkey for the targeted sbox.
Liu Junrong, Guo Zheng, Zhang Chi, Xu Sen, Wang Weijia, Bao Sigang SJTU-SHHIC Co-Lab of Data Security and Protection, Shanghai Jiao Tong University, China (January 27, 2015)
This is a profiling attack based on Gaussian Templates technologies. The attack targets include the offset, the shuffle0 and each bit of the output of each S-box. For each target, we extracted 100 feature points in the power traces. Our attack method involves two stages - the learning phase and the attack phase. In the learning phase, we use some traces to train gaussian templates of each sbox's offset , each sbox's shuffle0 , and every bit of 16 sbox. When all the classifiers finished training, these classifiers can be used to predict the the actual values of all the targets in the test traces. Finally, we combine the predictions for the offset,the shuffle0 and the bit of each S-box's output to determine the key byte for each S-box. And the 16 key bytes forms the first 128 bits of the entire AES key.
Li Yang, Wang Weiqi, Zhang Chi, Shanghai Fudan Microeletronics Group Company Limited, China (March 12, 2015)
Since the operating time of sboxes is the same, key can be revealed by template attacking shuffle0 and the output of the ith operated sbox at the same time.
Zdeněk Martinásek, Faculty of Electrical Engineering and Communication, Brno University of Technology (July 19, 2015)
The attack implemented is a combination of standard TA and DPA. In the first step, only the secret offset values are revealed using templates (we used 16 templates for each state byte). In the second step, a standard DPA based on correlation coefficient is applied. The DPA is aimed at the S-box output in the first round of AES. In fact, we deployed the outcomes from our analysis and we bypassed shuffling operation. It means that our CPA attack is aimed at the following operation (ShiftRows, 2.70x105 to 2.92x105 samples) that worked with the same intermediate values as the S-box but is not shuffled. Generally, we proved that the adversary can bypass the shuffling of the S-box in a fairly easy way in a real power analysis attack.
Anonymous (August 22, 2015)
The attack consists in a kmeans approach in order to recover all the secret values. First step is an optimal sample selection: for each sensitive value, I extract a codebook describing the mean significative EM behaviour for each possible value. After that I use those codebooks which allow me to recover:
- offset vector: in a SPA way,
- shuffle0 vector: in a SPA way,
- k0: once offset and shuffle0 are found, I can accumulate the key scores from traces to traces, until the end of the attack.
Hideo Shimizu, Toshiba Corporation Corporate Research & Development Center, Japan (September 1, 2015)
Basically, the algorithm is same algorithm as DPA Contest v4.1. Our method is simple application of basic template attack. For each trace, we get the offset and the sbox value by template attack. Then we combine the two values to obtain the secret key.