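Experiment: using Hamming weight as the criterion, compare the power consumed by AES encryption of different data

Hamming weight: the number of '1' bits in a binary number.

We make one assumption: the bits on a data line consume a measurable amount of power.

We test two values at the extremes of Hamming weight, 0x00 (zero 1 bits) and 0xff (eight 1 bits), with the number of traces set to 100. The device encrypts these two plaintexts while running AES; if the assumption holds, a measurable difference should be visible between the power traces for the high-weight and low-weight inputs. At this point the traces are all mixed together. They are split into two groups, one_list and zero_list, by checking whether the first byte is 0x00 and assuming that anything that is not 0x00 is 0xFF. The simple loop below captures the traces, forcing the first plaintext byte to 0x00 or 0xFF on each iteration: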

```python
import chipwhisperer as cw
from tqdm import tnrange
import numpy as np
import time

# `scope` and `target` are assumed to have been connected and configured
# earlier in the notebook.
ktp = cw.ktp.Basic()
trace_array = []
textin_array = []

key, text = ktp.next()

target.set_key(key)

N = 100
for i in tnrange(N, desc='Capturing traces'):
    scope.arm()
    # Force the first plaintext byte to one of the two extreme Hamming weights
    if text[0] & 0x01:
        text[0] = 0xFF
    else:
        text[0] = 0x00
    target.simpleserial_write('p', text)

    ret = scope.capture()
    if ret:
        print("Target timed out!")
        continue

    response = target.simpleserial_read('r', 16)

    trace_array.append(scope.get_last_trace())
    textin_array.append(text)

    key, text = ktp.next()
```

Split the data into two groups and convert the results to numpy arrays:

```python
zero_list = []
one_list = []
for i in range(len(trace_array)):
    if textin_array[i][0] == 0x00:
        zero_list.append(trace_array[i])
    else:
        one_list.append(trace_array[i])
```

```python
one_list = np.array(one_list)
zero_list = np.array(zero_list)

# Sanity check: neither group should be more than twice the size of the other
assert len(one_list) > len(zero_list)/2
assert len(zero_list) > len(one_list)/2
```

Use np.mean to average each group, giving zero_avg and one_avg:

```python
trace_length = len(one_list[0])
print("Traces had original sample length of %d" % trace_length)

# axis=0 averages across traces, keeping one value per sample point
one_avg = np.mean(one_list, axis=0)

if len(one_avg) != trace_length:
    raise ValueError("Average length is only %d - check you did correct dimensions!" % len(one_avg))
```

```python
trace_length = len(zero_list[0])
print("Traces had original sample length of %d" % trace_length)

# axis=0 averages across traces, keeping one value per sample point
zero_avg = np.mean(zero_list, axis=0)

if len(zero_avg) != trace_length:
    raise ValueError("Average length is only %d - check you did correct dimensions!" % len(zero_avg))
```

Plot the difference between the two groups:

```python
%matplotlib notebook
import matplotlib.pyplot as plt

# Difference of the two averaged traces over the first 1000 samples
diff = one_avg[:1000] - zero_avg[:1000]

plt.plot(abs(diff))
plt.show()
```

A clear peak is visible at position 100; the difference everywhere else is very small.


After changing the number of traces to 1000, the largest change is still at 100, so that point is probably a point within the AES encryption.

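The capture above needs ChipWhisperer hardware; the following added example (not code from the original post or from the ChipWhisperer project) runs the same difference-of-means analysis on constructed, simulated traces and compares 100 traces with 1000. The function names, the leak position at sample 100, the leakage per bit and the noise level are assumptions chosen for illustration.

```python
import numpy as np

def hamming_weight(value):
    """Number of '1' bits in an integer."""
    return bin(value).count("1")

def simulate_traces(n_traces, n_samples=1000, leak_at=100,
                    leak_per_bit=0.003, noise=0.01, seed=0):
    """Constructed traces: Gaussian noise plus a bump at `leak_at`
    proportional to the Hamming weight of the first plaintext byte."""
    rng = np.random.default_rng(seed)
    first_bytes = rng.choice([0x00, 0xFF], size=n_traces)
    traces = rng.normal(0.0, noise, size=(n_traces, n_samples))
    hw = np.array([hamming_weight(int(b)) for b in first_bytes])
    traces[:, leak_at] += leak_per_bit * hw  # assumed leakage model
    return traces, first_bytes

def diff_of_means(traces, first_bytes):
    """|mean(0xFF traces) - mean(0x00 traces)| for every sample point."""
    one_avg = traces[first_bytes == 0xFF].mean(axis=0)
    zero_avg = traces[first_bytes == 0x00].mean(axis=0)
    return np.abs(one_avg - zero_avg)

def leak_sample(diff):
    """Index of the sample where the two groups differ most."""
    return int(np.argmax(diff))

def peak_to_noise(diff, peak):
    """Height of the peak relative to the largest non-leaking sample."""
    return float(diff[peak] / np.delete(diff, peak).max())

if __name__ == "__main__":
    for n in (100, 1000):
        traces, first_bytes = simulate_traces(n)
        diff = diff_of_means(traces, first_bytes)
        peak = leak_sample(diff)
        print(n, "traces: peak at sample", peak,
              "peak/noise =", round(peak_to_noise(diff, peak), 1))
```

Averaging more traces shrinks the noise floor of the difference while the Hamming-weight-dependent peak stays put, which is why the peak at the same sample stands out more clearly with 1000 traces than with 100.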

Reference

Chipwhisperer-Jupyter