DPA Contest v4.2 Reference Traces
Introduction
A reference acquisition campaign has been performed during July and August 2014 in the security laboratory the Digital Electronic Systems research group of the Télécom ParisTech french University. The algorithm was implemented on an ATMega-163 smart-card connected to a SASEBO-W board.
This reference acquisition campaign contains 80,000 traces. We used 16 different keys and for each key, we collected 5,000 traces corresponding to the encryption of 5,000 different plaintexts per key.
Download
To test your attack, you will need to download both the index file and some traces (you do not have to download all the traces).
Index file
The index file contains the key, plaintexts, ciphertexts and other information used for each traces.
Traces
To allow participants not to download the full set of traces, the campaign is divided into 16x2 subsets of 2,500 traces each (the traces corresponding to 1 key are split into 2 subsets). Each subset is a 2 GBytes ZIP archive.
Important update (August 27, 2015): During the life of the v4.2 contest, two bugs have been identified in the implementation used to perform the acquisitions. Both bugs concern Suffle0 and Shuffle10 permutations. The first one has been discovered on October 2014 and the second one has been discovered on August 2015.
The traces available below has been updated on July 2015 and does not contain the first bug but does contain the second one. Please consult the page Documentation for more details on this bug.
You can check the integrity of the files after download with these SHA1sums:
5fff22403125b3eb943217b742fe9a2f8c9300ab DPA_contestv4_2_k00_part1.zip 4771a3447d0bc3414d116fc48d4966ed11675fca DPA_contestv4_2_k00_part2.zip 6d15de683bd094eaad6516d8bb20fd01ce073a9b DPA_contestv4_2_k01_part1.zip f2b1eb83bfe7c4d8a4af056a46731289f7bac281 DPA_contestv4_2_k01_part2.zip d680e999e497217c96bd8244a220244664936450 DPA_contestv4_2_k02_part1.zip d0af42000b3c3569b4dd3c9c63d61d25d2054faa DPA_contestv4_2_k02_part2.zip bbdd976dd4f324f452b9dd32905bed034741c650 DPA_contestv4_2_k03_part1.zip 48a15aae8ecd2ee268bbe17d20fd147e35307f49 DPA_contestv4_2_k03_part2.zip 2db87a66663cd727368ec41b6cb3e32df28f117c DPA_contestv4_2_k04_part1.zip 1fb2c481ceaa9fec25db6a16d49a2d68ba2896da DPA_contestv4_2_k04_part2.zip e1c61cc0d4a64a4ca2f5c4815a29e7ca1938487d DPA_contestv4_2_k05_part1.zip 9bf849d7dc509809e942ed1cd57733dc7477867a DPA_contestv4_2_k05_part2.zip 5f72ae53c3c653ca5febc9d9f612d2132d4a3a12 DPA_contestv4_2_k06_part1.zip 01031dde18c1b4a5e6c0b58b5bf03e1374a85683 DPA_contestv4_2_k06_part2.zip cf38392861899d57d550af896969e3d6f7e18112 DPA_contestv4_2_k07_part1.zip 8fbdf547f465382db701ae7b5e838793b4e6e610 DPA_contestv4_2_k07_part2.zip f849efba72d066787bfeb4c75f1d899c54a4af85 DPA_contestv4_2_k08_part1.zip 144fe9e8361ded48b249c2e7ca95987519a5e21e DPA_contestv4_2_k08_part2.zip 7f21d2bc6f56e4b1e56befd4a16ceae13c856dd6 DPA_contestv4_2_k09_part1.zip 614a2aac87290674fdacd6683018ff2d37ce47df DPA_contestv4_2_k09_part2.zip eefb586e04657071967d10c090f51453cda242fd DPA_contestv4_2_k10_part1.zip a26548292af23d77288bade4d3e868b6205799d7 DPA_contestv4_2_k10_part2.zip 076bc9d6f6d4ebda1efbc67ef3bab934db976ca5 DPA_contestv4_2_k11_part1.zip a936581e70baa93b9d120e86add3c06ea0bad770 DPA_contestv4_2_k11_part2.zip 5fb7d62baf418969eebfa93672473405c29183ce DPA_contestv4_2_k12_part1.zip c9c385d6efea0fcfd5a85f5c678e7e60553b486a DPA_contestv4_2_k12_part2.zip 21abbabc9edc95f57ea2da1f883a31f963a3ed6c DPA_contestv4_2_k13_part1.zip a59605818aeb163600cfe6766aeaf339da9ce328 DPA_contestv4_2_k13_part2.zip c33c0a3bcf92fc6c33f8e1a1fae261860c242a30 DPA_contestv4_2_k14_part1.zip 7dcd8e48e393d3ced8841e153209591405197f7a DPA_contestv4_2_k14_part2.zip 1512be8f9ef19b8d1260d52401fbf39194d6f089 DPA_contestv4_2_k15_part1.zip f944136ea7f21edbf634e8c9059e824f504c2d1d DPA_contestv4_2_k15_part2.zip
Format of the traces and index file
Index file
Each line of the index file contains the information about a trace.
Example:
8249CEB658C71D41D7B734449629AB97 73136C16F1E0CE864A2A2C6C8400CF01 BDAA8B4BE13E13CD5250685B67443F84 AB5D4F761C28E039 1A9406F3B2857CED 05C229626F9D8B39 k00 DPACV42_000000.trc.bz2
On each line, the information are separated by a space:
- 1st column: the AES-128 key (128 bits represented as 32 hexadecimal digits)
- 2nd column: the plaintext (128 bits represented as 32 hexadecimal digits)
- 3rd column: the ciphertext (128 bits represented as 32 hexadecimal digits)
- 4th column: the Shuffle0 permutation (see the algorithm specifications, 16 x 1 hexadecimal digit)
- 5th column: the Shuffle10 permutation (see the algorithm specifications, 16 x 1 hexadecimal digit)
- 6th column: the offsets (see the algorithm specifications, 16 x 1 hexadecimal digit)
- 7th column: the name of the directory (below the top-level directory DPA_contestv4_2) where the trace is stored
- 8th column: the name of the trace
Traces
Each trace subset ZIP archive contains 2,500 traces that decompress into a subdirectory of directory DPA_contestv4_2 (in order to allow participants to only download a part of the campaign and to limit the number of files inside the same directory).
The ZIP archives named, _part1 and _part2
corresponding to the same key will be decompressed into the same
subdirectory:
DPA_contestv4_2 |-k00 | |- DPACV42_000000.trc.bz2 | |- DPACV42_000001.trc.bz2 | |... | |-k01 | |- DPACV42_005000.trc.bz2 | |- DPACV42_005001.trc.bz2 | |... | |-k02 ...
In order to limit its size, each file is compressed with bzip2. You can uncompressed them but it is not necessary as the tools we provide can manipulate compressed traces.
Each file DPACV42_xxxxx.trc.bz2 contains a single trace coded using the LeCroy Digital Oscilloscope format template 2.3.
Short version: After the first 357 bytes of the file (headers), there are 1,704,402 bytes which represent the 1,704,402 samples of the trace, the value (between -128 and +127) of each sample is coded on 1 byte (8 bit two's complement, i.e. signed value).
Complete version: The trace header starts with the string WAVEDESC. All the offsets in the table below are relative to the first character of this string. Some bytes (11 in the case of the traces of the DPA contest v4) precede this string and should not be taken into account. The table below describes the important fields of the headers of a trace.
| Offset (in byte) Relative to beginning of WAVEDESC string |
Name | Type | Description | Typical values for provided traces |
|---|---|---|---|---|
| 0 | Descriptor Name | Null terminated string | The first 8 chars are always "WAVEDESC" | WAVEDESC |
| 16 | Template Name | Null terminated string | LECROY_2_3 | |
| 32 | Comm Type | 16-bit data | Format of data samples (0: byte (8-bit signed values), 1: word (16-bit signed values)) | 0 (8-bit signed values) |
| 34 | Comm Order | 16-bit data | Format of data samples (0: MSB first, 1: LSB first) | 1 (LSB first) |
| 36 | Wave Descriptor | 32-bit signed data | Length in bytes of the block WAVEDESC | 346 |
| 40 | User Text | 32-bit signed data | Length in bytes of the block USERTEXT | 0 |
| 44 | Res Desc1 | 32-bit signed data | Length in bytes of the block RES_DESC1 | 0 |
| 48 | TrigTime Array | 32-bit signed data | Length in bytes of the TRIGTIME array | 0 |
| 52 | Ris Time Array | 32-bit signed data | Length in bytes of the RIS_TIME array | 0 |
| 56 | Res Array 1 | 32-bit signed data | 0 | |
| 60 | Wave Array 1 | 32-bit signed data | Length in bytes of the 1st data array | 1,704,402 |
| 64 | Wave Array 2 | 32-bit signed data | Length in bytes of the 2nd data array | 0 |
| 76 | Instrument Name | Null terminated string | Name of the instrument | LECROYWR6100A |
| 116 | Wave Array Count | 32-bit signed data | Number of data points (samples) in the data array | 1,704,402 |
| 124 | First Valid Point | 32-bit signed data | Number of points to skip before first good point | 0 |
| 128 | Last Valid Point | 32-bit signed data | Index of last good data point | 1,704,401 |
| 156 | Vertical gain | float (32-bit IEEE floating point value) | Vertical gain | |
| 160 | Vertical offset | float (32-bit IEEE floating point value) | Vertical offset | |
| 172 | Nominal Bits | 16-bit signed data | Intrinsic precision of the observation | 8 bits |