How to Participate?
This page describes the steps required to participate to one of the several implementations of the DPA contest v4:
- Inform us of your intentions to participate (optional)
- Download and install the traces and the index file
- Download and install the tools
- Develop and test your attack
- Submit your attack for evaluation
Inform us (optional)
Download and install the traces and the index file
The first thing you need to participate is some traces and the corresponding index file. For each implementation, we provide a reference set of traces in order to help you develop and test your attack.
- For the AES256 RSM implementation, the traces and the index file are available on this page
- For the AES128 improved RSM implementation (v4.2), the traces and the index file are available on this page
You do not have to download all the traces, you can only download only a part of the set of traces.
Download and install the tools
For the contest, we have developed tools that allow you to develop and test your attack on the traces we provide to have an idea of its performances before sending it to us for its evaluation on a private set of traces.
We strongly recommend participants to develop their attack under a Unix-like operating system (Linux, Mac OS, etc.) to facilitate the evaluation (we only have Linux machines). However, we provide some tools for Windows also.
You have to download and install two tools: the attack wrapper and the metric computation tool. The attack wrapper launches your attack, retrieves traces either from files on your disk, supplies them to your attack, retrieves results and stores them for subsequent exploitation. The metric computation tools gathers results collected during one or several execution of your attack by the attack wrapper, and computes the different metrics we have chosen for this edition of the contest (see the Rules page for more information about the metrics).
These tools are available for download from the page Tools. You will also find on this page the instructions to install these tools.
You can now jump to the next step: Develop and test your attack.
Develop and test your attack
One you have install the required tools, you can now develop and test your attack. As for the previous step, the instructions depend on the language and operating system you plan to use:
- If you want to code your attack using any programming language on an Unix operating system (Linux, Mac OS X, *BSD), click here
- If you want to code your attack using any programming language (C# is recommended) on Windows, click here
- If you want to code your attack with Matlab on an Unix operating system (Linux, Mac OS X, *BSD), click here
- If you want to code your attack with Matlab on Windows, click here
Unix (Linux)
Development
Now, you have an idea of a powerful attack and you want to code it. What is an attack? An attack is a program that receives traces from the attack wrapper, processes them and sends the results to the attack wrapper. The communication protocol between the attack wrapper and our attack program is documented on the Tools page. Your program reads traces from its standard input and sends results on its standard output. This method allows you to develop your attack in the programming language of your choice.
To make it easier to develop an attack, we provide a template written in C++ in the file examples/xxxxx/test_fork.cc (where xxxxx is the target: v4_rsm for the AES-256 RSM first implementation; and v4_2 for the AES-128 improved RSM implementation = v4.2). If you look at the function main of this template, you will see the basic structure of an attack program:
- The attack reads the number of traces sent by the wrapper
- The attack reports to the wrapper that it is ready to start
- The attack receives a trace sent by the wrapper
- The attack updates its results
- The attack sends the results to the wrapper
- The steps 3 to 5 are repeated as many times as there are traces
Attack launch
Once you have developed and compiled your attack, you can test it with the attack wrapper. The parameters and some examples of command lines are listed on the page Tools. The invocation of the wrapper will probably be:
$ attack_wrapper -i 10 -k 0 -d DPA_contestv4_rsm -x dpav4_rsm_index -e v4_RSM test_fork
where:
- attack_wrapper is the path to the attack_wrapper executable file
- test_fork is the path to the your compiled attack program
- DPA_contestv4_rsm is the path to the directory containing the traces
- dpav4_rsm_index is the path to the index file
- v4_RSM is the edition of the contest (v4_RSM for the AES-256 RSM first implementation; v4_2 for the AES-128 Improved RSM implementation)
The command above will launch the attack wrapper with your attack using the first key of the public base and on only 10 traces. Thus you can check if something goes wrong. The results will be stored in the file results.
If everything seems to work, you can launch your attack on all the traces by removing the option -i 10.
Computation of result metrics
Once you have one or more binary result files (for one or more keys), you can launch the metric computation tool using the command:
$ compute_results results
The tool will analyze the result files and produce several text files containing the different metrics. Theses files are human readable and can be plotted using gnuplot.
You can now jump to the last step: Submit your attack for evaluation.
Windows
Development
Now, you have an idea of a powerful attack and you want to code it. What is an attack? An attack is a program that receives traces from the attack wrapper, processes them and sends the results to the attack wrapper. The communication protocol between the attack wrapper and our attack program is documented on the Tools page. Your program reads traces sent by the wrapper using a FIFO (a FIFO is similar to a file and is used to communicate between the wrapper and your attack) and sends results to the wrapper using another FIFO.
To facilitate the development of an attack, we provide you with an attack template written in c#. You can find it in the examples/xxxxx (where xxxxx is the target: v4_rsm for the AES-256 RSM first implementation; and v4_2 for the AES-128 improved RSM implementation = v4.2) directory of the attack wrapper under the name Attack.cs.
Open it and modify it to implement your attack (search for TODO comments to identify the lines to modify). You will have to modify the name of the input and output FIFO (given during the launch of the attack wrapper below), the number of the attacked subkey, and the code of the attack.
Attack launch
Once you have written your attack, you can test it with the attack wrapper. The parameters and some examples of command lines are listed on the page Tools. The invocation of the wrapper will probably be (from a Windows command line):
attack_wrapper.exe -i 10 -k 0 -d DPA_contestv4_rsm -x dpav4_rsm_index -e v4_RSM fifo
where:
- DPA_contestv4_rsm is the path to the directory containing the traces
- dpav4_rsm_index is the path to the index file
- v4_RSM is the edition of the contest (v4_RSM for the AES-256 RSM first implementation; v4_2 for the AES-128 Improved RSM implementation)
The command above will launch the attack wrapper with your attack using the first key of the public base and on only 10 traces. Thus you can check if something goes wrong. The results will be stored in the file results. The two FIFO for communication will be named \\.\pipe\fifo_from_wrapper and \\.\pipe\fifo_to_wrapper.
Next, launch your attack.
If everything seems to work, you can launch your attack on all the traces by removing the option -i 10.
Computation of result metrics
Once you have one or more binary result files (for one or more keys), you can launch the metric computation tool using the command:
compute_results.exe results
The tool will analyze the result files and produce several text files containing the different metrics. Theses files are human readable and can be plotted using gnuplot.
You can now jump to the last step: Submit your attack for evaluation.
Matlab (Unix)
Development
Now, you have an idea of a powerful attack and you want to code it. What is an attack? An attack is a program that receives traces from the attack wrapper, processes them and sends the results to the attack wrapper. The communication protocol between the attack wrapper and our attack program is documented on the Tools page. Your program reads traces sent by the wrapper using a FIFO (named pipe) and sends results to the wrapper using another FIFO.
To facilitate the development of an attack with Matlab, we provide you with an attack template. You can find it in the examples/xxxxx (where xxxxx is the target: v4_rsm for the AES-256 RSM first implementation; and v4_2 for the AES-128 improved RSM implementation = v4.2) directory of the attack wrapper under the name attack.m.
Open it and modify it to implement your attack (search for TODO comments to identify the lines to modify). You will have to modify the name of the input and output FIFO (given during the launch of the attack wrapper below), the number of the attacked subkey, and the code of the attack.
Attack launch
Once you have written your attack, you can test it with the attack wrapper. The parameters and some examples of command lines are listed on the page Tools. The invocation of the wrapper will probably be:
$ attack_wrapper -f -i 10 -k 0 -d DPA_contestv4_rsm -x dpav4_rsm_index -e v4_RSM fifo
where:
- attack_wrapper is the path to the attack_wrapper executable file
- DPA_contestv4_rsm is the path to the directory containing the traces
- dpav4_rsm_index is the path to the index file
- v4_RSM is the edition of the contest (v4_RSM for the AES-256 RSM first implementation; v4_2 for the AES-128 Improved RSM implementation)
The command above will launch the attack wrapper with your attack using the first key of the public base and on only 10 traces. Thus you can check if something goes wrong. The results will be stored in the file results. The two FIFO for communication will be named fifo_from_wrapper and fifo_to_wrapper.
Next launch you attack inside Matlab.
If everything seems to work, you can launch your attack on all the traces by removing the option -i 10.
Computation of result metrics
Once you have one or more binary result files (for one or more keys), you can launch the metric computation tool using the command:
$ compute_results results
The tool will analyze the result files and produce several text files containing the different metrics. Theses files are human readable and can be plotted using gnuplot.
You can now jump to the last step: Submit your attack for evaluation.
Matlab (Windows)
Development
Now, you have an idea of a powerful attack and you want to code it. What is an attack? An attack is a program that receives traces from the attack wrapper, processes them and sends the results to the attack wrapper. The communication protocol between the attack wrapper and our attack program is documented on the Tools page. Your program reads traces sent by the wrapper using a FIFO (a FIFO is similar to a file and is used to communicate between the wrapper and your attack) and sends results to the wrapper using another FIFO.
To facilitate the development of an attack with Matlab, we provide you with an attack template. You can find it in the examples/xxxxx (where xxxxx is the target: v4_rsm for the AES-256 RSM first implementation; and v4_2 for the AES-128 improved RSM implementation = v4.2) directory of the attack wrapper under the name attack_windows.m.
Open it and modify it to implement your attack (search for TODO comments to identify the lines to modify). You will have to modify the name of the input and output FIFO (given during the launch of the attack wrapper below), the number of the attacked subkey, and the code of the attack.
Attack launch
Once you have written your attack, you can test it with the attack wrapper. The parameters and some examples of command lines are listed on the page Tools. The invocation of the wrapper will probably be (from a Windows command line):
attack_wrapper.exe -i 10 -k 0 -d DPA_contestv4_rsm -x dpav4_rsm_index -e v4_RSM fifo
where:
- DPA_contestv4_rsm is the path to the directory containing the traces
- dpav4_rsm_index is the path to the index file
- v4_RSM is the edition of the contest (v4_RSM for the AES-256 RSM first implementation; v4_2 for the AES-128 Improved RSM implementation)
The command above will launch the attack wrapper with your attack using the first key of the public base and on only 10 traces. Thus you can check if something goes wrong. The results will be stored in the file results. The two FIFO for communication will be named \\.\pipe\fifo_from_wrapper and \\.\pipe\fifo_to_wrapper.
Next launch you attack inside Matlab.
If everything seems to work, you can launch your attack on all the traces by removing the option -i 10.
Computation of result metrics
Once you have one or more binary result files (for one or more keys), you can launch the metric computation tool using the command:
compute_results.exe results
The tool will analyze the result files and produce several text files containing the different metrics. Theses files are human readable and can be plotted using gnuplot.
You can now jump to the last step: Submit your attack for evaluation.
Submit your attack for evaluation
Once your attack is working and you are satisfied with its results, you can send it to us. We will run it against the traces from our private database and send you the results of this evaluation.
There are no official deadlines for this edition of the contest because, like DPA contest v2, we plan to keep it running as long as possible. However, we will present first results at COSADE 2014 in April 2014 (14-15). So to have a chance to appear in the ranking, the deadline is March 10, 2014 23h59 CET.
To submit your attack, send us (submission@dpacontest.org) a mail with your name, address, institution and an archive (zip, tar, tar.gz or tar.bz2) containing:
- a short description of your attack (rationale and distinctive features); it can consist in a couple of lines in a TXT file,
- all the source codes of your attack,
- additional libraries if you use non-standard ones, and a binary version of your attack (except if you use interpreted programming languages or Matlab),
- and an indication whether you accept the source code of your attack to be published on the DPA contest website (we encourage this).
We will next send you three mails. One when we receives your attack, one when we succeed to launch it on some traces and one when we finished the complete evaluation with the results.