DPA contest v4

DPA contests home

Introduction

AES-256 RSM (v4)

• Documentation
• Reference traces
• Hall of Fame

AES-128 RSM (v4.2)

• Documentation
• Reference traces
• Hall of Fame

Tools

Participate

Frequently Asked Questions

Acknowledgments

AES-256 RSM Documentation

Introduction

The first implementation available in the fourth edition of the DPA contest is a masked AES-256 implemented in software on an Atmel ATMega-163 smart card. This implementation is called AES-256 RSM (Rotating Sbox Masking).

The formal description of this implementation is available in this paper (PDF).

If you use traces obtained from this implementation, we kindly ask you to refer to this article: RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. DATE 2012: 1173-1178.

Implementation

This archive contains all the details of the implementation of the AES-256 RSM on the Atmel ATMega-163 smart card.

The important files in this archive are:

• dpa4.hex: the content of the flash memory of the ATMega-163 card
• eedata.hex: the content of the EEPROM memory of the ATMega-163 card
• dpa4.S: the assembly code of the program run by the smart card

ATmega163

Some documents about the microcontroller ATmega163 that runs the AES-256 RSM implementation:

• The datasheet of the Atmel ATmega163
• The AVR Instruction Set (the description of all the instructions of the microcontroller)

Credits

The implementation of this AES-256 RSM uses some portions of code from external projects and developers:

• Simple Operating System for Smartcard Education, Copyright (C) 2002 Matthias Bruestle <m@mbsks.franken.de>, Under GPL v2
• AVR-Crypto-Lib, Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de), Under GPL v3

Acquisitions

Description

The reference acquisition campaign has been performed during June and July 2013 in the security laboratory the Digital Electronic Systems research group of the Télécom ParisTech french University. The AES-256 RSM was implemented on an ATMega-163 smart-card connected to a SASEBO-W board.

For the acquisitions, we used the following devices:

• Langer EM near-field probe RF U 5-2
• Preamplifier PA303 30dB ~0-3GHz
• Oscilloscope Lecroy Waverunner 6100A, sampling frequency = 500MS/s
• Regulated Power Supply Agilent E3631A @2.5V (to power the smartcard)

Tools & Designs

• The bitstream loaded into the FPGA during the acquisitions: CHIP_SASEBO_W_VCP_DPAV4.bit

We will soon provide here all the information used to perform the acquisitions: the design loaded on the SASEBO-W board and the communication protocol between the PC and the smart-card.

Pictures

/ Twitter account: DPAContest / Announcement mailing list