SlideShare a Scribd company logo

katagaitai CTF workshop #10 AESに対する相関電力解析

T
trmr

The document appears to be a complex and unwieldy compilation of cryptographic data and code snippets related to a workshop on cryptography. It includes various notations and calculations indicative of cryptanalysis techniques, particularly focused on differential and correlation power analysis. There is a mention of synthesizing data and saving traces, which suggests practical applications in a computational context.

Technology
1 of 75
Downloaded 53 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
katagaitai workshop #10 Crypto by trmr
• T • C F • 22 3 • T 3 • F 3 C
• 9C9 9 C9 Nx eN • # F # E MN oP • # E k tgRhL78 • # ( sE 7240 • # ( E 865l Sx Nn • # ( E 1 C l Sx Nn • # ) sE ( gN I3 C 0 C C A • # ) sE ) x P • # ) E Sx • # sE x P • # sE x P • # E # ia • # E x P
katagaitai CTF workshop #10 AESに対する相関電力解析
• ( C t dg : o V • R( C S( T Fnp ws • ( E • • : • 5 ) • t bcfi • ( • r • : : : 5 A : • ce k • R M ce kH E • chla uyHmIE
• i M • e Wt t • e W t • e W rh a c y H • rh B y H • d W ku • H 6 ( 2 ( w • e W S tx o 2 l a c ) 2 2 HG
& • 50772842 • F H c • a • ::01 eF DC • 2 2892 e EDA DC • T S •
• xt ro xt xt b e k • xt ro xt 8c l :e • ro xt 8c l :e • ro a g c b e k xt (+ xt xt . xt a y )/(
• w : c n • - R Iue j A cS9 • j w l a M 9 n • - F t i M 9 I C t n • n w • 9 9T A d S9 • kdn w • okd I C cS9
• eoimGf w u c c Ta • v wW u sSa • w r u pO • w hjod gGf 0 B Pa W • w hjod • klntgGf O • Qb_ q a BB E E/ 1 B /:. . : ./. : /:. 1B / 1 A B 1 B/ B
• • ba • 1 • 1 •
katagaitai CTF workshop #10 AESに対する相関電力解析
• /03 /4D4 0 6 AD 3D4 4 • fed • 18 D8 bc ed • Kb • ( 5 D S f • 23. 28 36 8 E : . : D a DDA - 6 6 D : F 6 6 8 4 AE5 64D 9 A ( 4 6 F8 ) 6E 8 D 9 A ( A 9
( ( ) ) • +1 1 54 2 (528 4 6 + ( • 4 m K h 4 S m • + ( A m 4 • ) 1 6 1 ) 84 1 g c • 4 4 i • ei D C 4 c • 4 ) d • ) g c • ) • ei D C 4 l c • b 4 S P m+
( • 2 • E(86 24 2 • ) 1 K • 25 8 • E 3 86 24 2 • 2 8 • E 86 24 2
• • F1 • F A • A 1 6
! • U R : 8 • • E 4 4 8 • E 4 7K 4 8 • 4 8 1 T56 OP U
• 586 • • K F 1
• )- 0 10 ) 82 -8 0 0 • ()-AN • - S E • PA D SR )- A 9 0
) ( ( ) • + ( w (03 • 62 (03 A S • E Rw (03 w • - 62) W od c • 80 62) 0 :nt c • -1 ) u • Rb w i od c • + ( RK c • • Rw w r
( • : • 8 : AC M B • ) M A RKb - • : B X • 2 1: S R • ( AS
katagaitai CTF workshop #10 AESに対する相関電力解析
• p pE CH rlf Ksa e • S ) : 9 9 2 Brl E p • 4 : 2 9 2 0 4 i m D f p • 4332 2 40 9 2 0 4 i A ns p • S ) ( 42 B)9 2 0 49 9 2 0 4 ) • )9 2 0 49 9 2 0 4 ) P okH i c A ns p
• 2C D 4 • I C • F I C • , A I C PD 4
• C 9 BH9D A5 IE E ) su hdpm tb nf j • . hdpm tbP Se K i • c 2 • c a nf • nf wg rtP S ol 5 2B 9D" 1BE 5 15::9" 5A 9A 5 A 1 A ::9D9A 5 CBH9D 5A5 IE E J AA 5 A 9DA5 BA5 ,DIC B B I ,BA:9D9A 9 CD A 9D" 9D A" 9 9 69D " ((( 2 c a nf
• 2 6 • + 6 • 6 2 2 2 2 6
• - ( 2 -( e i a e BA i • P B a • D7 a P B a P B D7 a D f a f a
• E ? • 3 b i 2 e • 1 0 e : - 1 D D ?D K68 • 1 0 D = S • 1 0 D K i E - 1 - 1 - 1 1 0 1 0 1 0
• b W 2 1 • b - W • i i W 0 2 • W 0 9 b b W b W W W b - W 9 9 9 9 9
3 • E b= : • 1 0 S • S K - 3 2D 2D= 2D 6 • 2DK S e • 2D e S K E - - - ( )
• ( : C • () S S C C • A P AE3B 1 • S 1C • DBA 6 (
! • OS E6USD E3 • = E6= 4 2 • PT 3 PT • R ) ( D 162 A OS E
• 1 : • 5 S • t p5 • 4 5 • S 6 2 2 • 2 • 6 i 8 6 840 6 • S e 8 b 0 S 7 3 • S 7 p
• 0 4 • P6 1 UO • S P b R D 3E T P )(
• - e • p1 0 Sb 31 0 • p1 Sb 31 0 i i W W 1 W 1 W 1 05 W W W W 6 p1 0 i i W W W W 1 05 W W W W 6 p1 0
• ( (122 10 1 2 0 63 3 oit w : • ) aD • s ) ( • e 12 n Pb • b • t lr P C A P • lr t • t • y P b t oii P
• ρ",$ X : • Y: • X , 73 • • %&' (, ) = + ( − -( ) − -) • -( ( Y • + ( ( Y • . ( = +[ ( − -( 0] • ρ",$ 1 1- • ρ",$ = 234 ",$ 5 " 5 $ = 6 "78" $78$ 6[ "78" 9]6[ $78$ 9]
• 2 1-0 B • b so = e • 1- e 2 1-0 B K EA S • 1- :B e p B • 1- K B e 3 K 8 1- 1- 1- K
• ρ",$ - Y : • , 30 • 19 , 30 : 30 X : 30 30
• SD D 4B • P E E D B B • b 1 D 0:CA e
• d b [ 7 6 5 x • 6 3 d i 16 p • 6 3 d 16 p • 6 3 16 r 7 6 5 • 7 6 5 28 16 - • 6 3 7 6 5 : ] • 6 3 x s u • 6 3 s uB ]S W 16 Bt e: 6 3 : 16 p • 6 3 6 3 : i 24 y : 16 16 i 6 3 o
• 1 • - K [o : e B 4- 6 2 S • 4- 6 2 S 05 e - • u • 1 • s - ] : 8 S K] p b 8 u B i 8 • s - t 8 S Kt pb 8 u B i 8 e - ( 8 3 ( ) 8
katagaitai CTF workshop #10 AESに対する相関電力解析
• P ( 4 ) A • P ) • 4C 4 )
• ) ( ))( ( ( • D • !"#(%&) = ∑&*+ ,-. /0 %& + 2 − /.(2) • S m o fb m fb/. i 4., … , 40 n fb/0 5 c!"#(%&)を取得 o SAD(%&)4 %& AD 5 D e
• S () 4: • ρ",$ = ∑'() * +',,-+, .',/-./ ∑'() * +',,-+, 0 ∑'() * .',/-./ 0 • 1 6 () • 2 B • 3 B • ℎ : 4: • 5 B
b 1 E 1 2 27 ℎ",$ − ℎ$ d B A 7 &",' − (&' b 1 E 1 ) 8 0 ℎ",$ S 84 ℎ",$ − ℎ$ を取得 d B A *7 &",' − (&' S e ), *7 S ρ$,' = ∑"./ 0 ℎ",$ − ℎ$ &",' − (&' ∑"./ 0 ℎ",$ − ℎ$ 1 ∑"./ 0 &",' − (&' 1 e ), *7 2$,'
katagaitai CTF workshop #10 AESに対する相関電力解析
• R il C • . • ) ( ) / • c ) ( ) / • . / 9 . / 9 / / ?4. 9 4 . 4 . A 9 4. . . 49 . 4 .9 4 4 9 / .9 9 /4 9 9 9 . A 9 4. 9 49 A9 A • n • T mk e a fd EhD • o g MC
( ) • be ogit A7 A7 @7 S d r ogit d y c 1E 7 : 49 7 #$# 3E> 0 < $ ,$ , $ 125 -7 :E F 7@> 7 :E F. 49 7 O hpsk l u Te Od • 49 7 iumn t v 7 > F 7@@ C9 7 • 49 7 A7 @7 • C Oa O C9 7 C9 7 , .@C7: E79 F#A7 C9 7 , .F7 A7 E79 F# #A7 $
)( • ). 5 • : 5 : S • • ( M • 5 :. " : : 5 5 " : : " 5 . :" "5 1 : 5 : " ":2 =
( ) !" #", … , #& !& 5 2 '()(+,)を取得 SAD(+,) +, def synchronize(trace, reference, window, max_offset): reference_window = reference[window[0]:window[1]] sad = [0] *(max_offset * 2 + 1) for x in range(0, max_offset * 2 + 1): trace_slice = trace[window[0]-max_offset + x:window[1]-max_offset + x] sad[x] = np.sum(np.abs(reference_window - trace_slice)) sad_idx = np.argmin(sad) offset = -max_offset + sad_idx synchronized_trace = trace if offset < 0: synchronized_trace = np.concatenate(([0] * abs(offset), synchronized_trace[:-abs(offset)])) elif offset > 0: synchronized_trace = np.concatenate((synchronized_trace[abs(offset):], [0]*abs(offset))) return synchronized_trace
( )
( 4 4 ! 4 ℎ#,% ℎ#,% − ℎ% を取得 B ' S 4 (#,) − *() b + ∑#-. / ℎ#,% − ℎ% (#,) − *() ∑#-. / ℎ#,% − ℎ% 0 ∑#-. / (#,) − *() 0 ρ%,) = ∑#-. / ℎ#,% − ℎ% (#,) − *() ∑#-. / ℎ#,% − ℎ% 0 ∑#-. / (#,) − *() 0 d 5 ρ%,) ! for k_idx in range(16): # determine key index cpaoutput = [0] *256 # follow valiables may not be need maxcpa = [0] *256 for kguess in range(256): # determine word key candidate sumnum = np.zeros(NUM_POINTS) sumden1 = np.zeros(NUM_POINTS) sumden2 = np.zeros(NUM_POINTS) hyp = np.zeros(NUM_TRACES) for t_idx in range(NUM_TRACES): # hypothesis hamming weight hyp[t_idx] = humming[addkey_subbytes(pt_list[t_idx][k_idx], kguess)] h_mean = np.mean(hyp, dtype=np.float64) t_mean = np.mean(sync_traces, axis = 0, dtype = np.float64) for t_idx in range(NUM_TRACES): hdiff = (hyp[t_idx] - h_mean) tdiff = sync_traces[t_idx] - t_mean sumnum = sumnum + (hdiff * tdiff) sumden1 = sumden1 + hdiff * hdiff sumden2 = sumden2 + tdiff * tdiff cpaoutput[kguess] = sumnum / np.sqrt(sumden1 * sumden2) maxcpa[kguess] = max(abs(cpaoutput[kguess])) bestguess[k_idx] = np.argmax(maxcpa) print "best guess key [{0}] is {1:02x}".format(k_idx, bestguess[k_idx])
12 52 8 1 $ python CPA.py best guess key [1] is fe best guess key [2] is ba best guess key [3] is be best guess key [4] is de best guess key [5] is ad best guess key [6] is be best guess key [7] is ef best guess key [8] is 00 best guess key [9] is 01 best guess key [10] is 02 best guess key [11] is 03 best guess key [12] is 04 best guess key [13] is 05 best guess key [14] is 06 best guess key [15] is 07 Best key guess: CAFEBABEDEADBEEF0001020304050607
• , : : • tlu w c • a W g bd M Lro • Ud chn • m ( a W x • . / 6 / / : : : 5 • , ( ) / • ei , • Ud c CR p • ) / s
• 0 20 3 • 0 20 5 • W L • 0 20 5 F5C W • $ T • + 7 = $
) ( ( • . c • • . .5 N S W f .8 _ • = aei lC • hg .8 f #Save as ChipWhisperer project tc = TraceContainerNative() for i in range(0, ntraces): tc.addWave(traces['samples'][i]) tc.addTextin(inp[i]) tc.addTextout(out[i]) tc.addKey([0]*16) os.mkdir('rhme3') tc.saveAllTraces('rhme3') tc.config.setConfigFilename('rhme3/rhme.cfg') tc.config.saveTrace()
) ( ( • . • .5 • . 5 9 • C
) ( • - - c • • 0 P e 6 a d • a d • • P P T 1 R
)( • 1 -1 6 : R 1 6: a • :1 - 6 :1 • 1 6: R W a • :1 6: eG • d D M E I • : 6: A S b fc • : 0 PM #
)(
) ( • A • 1 • R • 3 T 6
• • ( ) • E • H C 4 6 I C F • E F S T 4 C • F 6
0
• f • 0 8850/ 9 98 0: 60 0: 8 4 0 .: 9 48 8 0 /8 5 8 0 50 0 8 5 8 8 . 0 .: 9 :4 2 81 ) . : . 0: 8 0 0: 4.0 9 ) ( ( :4 2 0 .: 9 • e • ip y ʼ va wrk ou 4 h dn • ʼ va 6 m • s g • xc • b h ʼ tva wrk ou 4 h m ((
) ( • 2 8 7 61 : 1 • 28 2 8 7 2 7.1 • 7 EA • 2 8 7 61 add $t1, $zero, $zero# clear out $t1 ; 00004820 addi $t1, $t1, 0x9e# TEA magic is 0x9e3779b7 ; 2129009E sll $t1, $t1, 8# shift out making room in the bottom 4; 00094a00 addi $t1, $t1, 0x37 ; 21290037
) ( • 8 • : • • 8 6 : {'j1istE9p': [0, … , 0], 'EXdxTejF': [0, … , 0], … }
() • + 1( • s0 0 • 0 0 3 9^ e i • m 3 ) 3 41 0 • s 3 k • + 1( • s0 + • )b 3 3 • + t 9 = 6b m 3 • m 3 ) 3 41 0 • 0 a • s 0 k • d: s k9e lw $t8, $zero, 8# k0 mem[8-23] = k ; 8c180008 lw $s7, $zero, 12# k1 ; 8C17000C lw $s6, $zero, 16# k2 ; 8C160010 lw $t3, $zero, 20# k3 now our keys are in registers ; 8c0b0014 sll $s4, $t6, 4# (v1 << 4) ; 000ea100 add $s4, $s4, $t8# +k0 part 1 is in s4 ; 0298a020
) ( • S Z vtoe yr lfPh • s M u Pb i F zgTC jw • / 0 0 /3 c S • R C Makp • 3 : 3 . / 0 • m Makp • 3 : /7 . 0/ / : 7 :
( • 5 07 211070 92. 65 07 6 G • • CU P • 570 2 • H • B
• # # / 4 4 M • 4 0 @ 120 1 1 T • 5 • 120 1 1 7 S @ #
• 2 8: .3 . /40 7 1 : 3880 : 750 3 1 0 • o kG h • 08 S • o S n • 08 o c b • o c b g a • • o Z • i 2 me
• S • 3 + 7+4 • +4+ 7+4 • 44+ 7+4 • P DCA • 3 3+4+4 W DCA • W DCA • DCA
9 SK 6 B DP 5 S 5 EED MC .DMI HM 5SM 0HEEDPDMRH K O UDP M K H MMS K 4MRDPM RH M K /P OR K F / MEDPDMBD OPHMFDP .DPKHM 3DHCDKADPF 1PHB .PHDP / PH R O D /K THDP MC 2P MBH KHTHDP / PPDK RH M O UDP M K H UHR KD J FD CDK 4MRDPM RH M K PJ O M /P OR FP O HB 3 PCU PD MC 1 ADCCDC RD OPHMFDP .DPKHM 3DHCDKADPF mk hai j f_c n 0H ku l bg d e vsw n t t , RRO ,""UUU HO F IO" DBSPHR "DMB" PRB PC"M CD R K 1. o r , RRO,"" R B SDB B IO" 6 : "OCE" 1. 9 :DO PR 5 O MD D OCE / HO H ODPDP UHJH, RRO ,""UHJH MDU D B "/ PPDK RH M 9 UDP M K H ypzku77 , RRO ,""UHJH BKSA SDB B IO"/ 2" KJHR"W O

More Related Content

PPTX
katagaitai CTF勉強会 #3 crypto
trmr
 
PPTX
有向グラフに対する 非線形ラプラシアンと ネットワーク解析
Yuichi Yoshida
 
PDF
はじめてのKrylov部分空間法
tmaehara
 
PDF
Linked Open Data勉強会2020 後編:SPARQLの簡単な使い方、SPARQLを使った簡単なアプリ開発
KnowledgeGraph
 
PDF
Intro to SVE 富岳のA64FXを触ってみた
MITSUNARI Shigeo
 
PDF
ペアリングベースの効率的なレベル2準同型暗号(SCIS2018)
MITSUNARI Shigeo
 
PDF
暗号化したまま計算できる暗号技術とOSS開発による広がり
MITSUNARI Shigeo
 
PDF
Jsai
Hiroshi Maruyama
 
katagaitai CTF勉強会 #3 crypto
trmr
 
有向グラフに対する 非線形ラプラシアンと ネットワーク解析
Yuichi Yoshida
 
はじめてのKrylov部分空間法
tmaehara
 
Linked Open Data勉強会2020 後編:SPARQLの簡単な使い方、SPARQLを使った簡単なアプリ開発
KnowledgeGraph
 
Intro to SVE 富岳のA64FXを触ってみた
MITSUNARI Shigeo
 
ペアリングベースの効率的なレベル2準同型暗号(SCIS2018)
MITSUNARI Shigeo
 
暗号化したまま計算できる暗号技術とOSS開発による広がり
MITSUNARI Shigeo
 
Jsai
Hiroshi Maruyama
 

What's hot (20)

PPTX
Bootstrap methodの勉強メモ
Norimitsu Nishida
 
PPTX
カルマンフィルタ入門
Yasunori Nihei
 
PDF
katagaitai CTF勉強会 #5 Crypto
trmr
 
PDF
WASM(WebAssembly)入門 ペアリング演算やってみた
MITSUNARI Shigeo
 
PDF
PRML EP法 10.7 10.7.2
tmtm otm
 
PPTX
【解説】 一般逆行列
Kenjiro Sugimoto
 
PPTX
帰納バイアスが成立する条件
Shinobu KINJO
 
PDF
今日からできる構造学習(主に構造化パーセプトロンについて)
syou6162
 
PPTX
[DL輪読会] GAN系の研究まとめ (NIPS2016とICLR2016が中心)
Yusuke Iwasawa
 
PDF
強化学習その4
nishio
 
PDF
シンギュラリティを知らずに機械学習を語るな
hoxo_m
 
PPTX
[DL輪読会]Let there be color
Deep Learning JP
 
PDF
ブロックチェーン系プロジェクトで着目される暗号技術
MITSUNARI Shigeo
 
PDF
競プロは社会の役に立たない+ベンチャー企業の話 (NPCA夏合宿OB講演).pdf
catupper
 
PPTX
差分プライバシーとは何か? (定義 & 解釈編)
Kentaro Minami
 
PDF
SGD+α: 確率的勾配降下法の現在と未来
Hidekazu Oiwa
 
PDF
[DL Hacks]Simple Online Realtime Tracking with a Deep Association Metric
Deep Learning JP
 
PDF
異常検知と変化検知 第4章 近傍法による異常検知
Ken'ichi Matsui
 
PDF
機械学習を用いた仕様書からのテストケース自動生成ツールSpec2Testの試作
Futa HIRAKOBA
 
PDF
高速フーリエ変換
AtCoder Inc.
 
Bootstrap methodの勉強メモ
Norimitsu Nishida
 
カルマンフィルタ入門
Yasunori Nihei
 
katagaitai CTF勉強会 #5 Crypto
trmr
 
WASM(WebAssembly)入門 ペアリング演算やってみた
MITSUNARI Shigeo
 
PRML EP法 10.7 10.7.2
tmtm otm
 
【解説】 一般逆行列
Kenjiro Sugimoto
 
帰納バイアスが成立する条件
Shinobu KINJO
 
今日からできる構造学習(主に構造化パーセプトロンについて)
syou6162
 
[DL輪読会] GAN系の研究まとめ (NIPS2016とICLR2016が中心)
Yusuke Iwasawa
 
強化学習その4
nishio
 
シンギュラリティを知らずに機械学習を語るな
hoxo_m
 
[DL輪読会]Let there be color
Deep Learning JP
 
ブロックチェーン系プロジェクトで着目される暗号技術
MITSUNARI Shigeo
 
競プロは社会の役に立たない+ベンチャー企業の話 (NPCA夏合宿OB講演).pdf
catupper
 
差分プライバシーとは何か? (定義 & 解釈編)
Kentaro Minami
 
SGD+α: 確率的勾配降下法の現在と未来
Hidekazu Oiwa
 
[DL Hacks]Simple Online Realtime Tracking with a Deep Association Metric
Deep Learning JP
 
異常検知と変化検知 第4章 近傍法による異常検知
Ken'ichi Matsui
 
機械学習を用いた仕様書からのテストケース自動生成ツールSpec2Testの試作
Futa HIRAKOBA
 
高速フーリエ変換
AtCoder Inc.
 
Ad

Similar to katagaitai CTF workshop #10 AESに対する相関電力解析 (20)

PDF
Kubernetes ネットワーキングのすべて
LINE Corporation
 
PDF
A research paper introduction of Universal transformers
Keigo Kawamura
 
PDF
safer erlang.PDF
Sérgio Mesquita
 
PDF
Informe sobre el mercado de griferías, principales canales de distribución, s...
Jorge Flores Jimenez
 
PDF
Prelude to halide_public
Fixstars Corporation
 
PDF
ΠΛΗ31 ΜΑΘΗΜΑ 4.1 (ΕΚΤΥΠΩΣΗ)
Dimitris Psounis
 
PDF
20190225 DIY伝送装置
Kato Ryosuke
 
PDF
ブロックチェーン: 「 書き換え不可能な記録」によって 社会はどう変化するか?
Yoshiharu Ikutani
 
PDF
AtCoder Regular Contest 038 解説
AtCoder Inc.
 
PDF
Attention-Based Adaptive Selection of Operations for Image Restoration in the...
MasanoriSuganuma
 
PDF
FIWARE Global Summit - FI-Lab India Stepping Stone for Implementing FIWARE Ec...
FIWARE
 
PPSX
Data Encryption Standard (DES)
Amir Masinaei
 
PDF
Matemática - Actividades Nivel Inicial - Juegos
Comisión Provincial de Actividades Científicas y Tecnológicas
 
PDF
Что должен уметь облачный провайдер
Denis Bezkorovayny
 
PDF
Db2 Warehouse v3.0 SMP 導入ガイド 20190104 Db2 Warehouse SMP v3.0 configration Ins...
IBM Analytics Japan
 
PDF
Dscd 11-co-36 agric resal
oblanca
 
PDF
[DL Hacks 実装]Attention is All You Need
Deep Learning JP
 
PDF
市民発の参院選(&衆院選)マニフェスト提案 #私が生きやすい日本に - 日本の運命の分かれ道、令和元年 #2019年参院選 提案資料 -
立憲パートナーズ社会構想研究会(非公式)
 
PDF
TCVN 9360 2012_Quan trac lun.pdf
KitNguynTun19
 
PDF
DevOps導入支援サービス
Arata Fujimura
 
Kubernetes ネットワーキングのすべて
LINE Corporation
 
A research paper introduction of Universal transformers
Keigo Kawamura
 
safer erlang.PDF
Sérgio Mesquita
 
Informe sobre el mercado de griferías, principales canales de distribución, s...
Jorge Flores Jimenez
 
Prelude to halide_public
Fixstars Corporation
 
ΠΛΗ31 ΜΑΘΗΜΑ 4.1 (ΕΚΤΥΠΩΣΗ)
Dimitris Psounis
 
20190225 DIY伝送装置
Kato Ryosuke
 
ブロックチェーン: 「 書き換え不可能な記録」によって 社会はどう変化するか?
Yoshiharu Ikutani
 
AtCoder Regular Contest 038 解説
AtCoder Inc.
 
Attention-Based Adaptive Selection of Operations for Image Restoration in the...
MasanoriSuganuma
 
FIWARE Global Summit - FI-Lab India Stepping Stone for Implementing FIWARE Ec...
FIWARE
 
Data Encryption Standard (DES)
Amir Masinaei
 
Matemática - Actividades Nivel Inicial - Juegos
Comisión Provincial de Actividades Científicas y Tecnológicas
 
Что должен уметь облачный провайдер
Denis Bezkorovayny
 
Db2 Warehouse v3.0 SMP 導入ガイド 20190104 Db2 Warehouse SMP v3.0 configration Ins...
IBM Analytics Japan
 
Dscd 11-co-36 agric resal
oblanca
 
[DL Hacks 実装]Attention is All You Need
Deep Learning JP
 
市民発の参院選(&衆院選)マニフェスト提案 #私が生きやすい日本に - 日本の運命の分かれ道、令和元年 #2019年参院選 提案資料 -
立憲パートナーズ社会構想研究会(非公式)
 
TCVN 9360 2012_Quan trac lun.pdf
KitNguynTun19
 
DevOps導入支援サービス
Arata Fujimura
 
Ad

Recently uploaded (20)

PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 

katagaitai CTF workshop #10 AESに対する相関電力解析

  • 2. • T • C F • 22 3 • T 3 • F 3 C
  • 3. • 9C9 9 C9 Nx eN • # F # E MN oP • # E k tgRhL78 • # ( sE 7240 • # ( E 865l Sx Nn • # ( E 1 C l Sx Nn • # ) sE ( gN I3 C 0 C C A • # ) sE ) x P • # ) E Sx • # sE x P • # sE x P • # E # ia • # E x P
  • 5. • ( C t dg : o V • R( C S( T Fnp ws • ( E • • : • 5 ) • t bcfi • ( • r • : : : 5 A : • ce k • R M ce kH E • chla uyHmIE
  • 6. • i M • e Wt t • e W t • e W rh a c y H • rh B y H • d W ku • H 6 ( 2 ( w • e W S tx o 2 l a c ) 2 2 HG
  • 7. & • 50772842 • F H c • a • ::01 eF DC • 2 2892 e EDA DC • T S •
  • 8. • xt ro xt xt b e k • xt ro xt 8c l :e • ro xt 8c l :e • ro a g c b e k xt (+ xt xt . xt a y )/(
  • 9. • w : c n • - R Iue j A cS9 • j w l a M 9 n • - F t i M 9 I C t n • n w • 9 9T A d S9 • kdn w • okd I C cS9
  • 10. • eoimGf w u c c Ta • v wW u sSa • w r u pO • w hjod gGf 0 B Pa W • w hjod • klntgGf O • Qb_ q a BB E E/ 1 B /:. . : ./. : /:. 1B / 1 A B 1 B/ B
  • 13. • /03 /4D4 0 6 AD 3D4 4 • fed • 18 D8 bc ed • Kb • ( 5 D S f • 23. 28 36 8 E : . : D a DDA - 6 6 D : F 6 6 8 4 AE5 64D 9 A ( 4 6 F8 ) 6E 8 D 9 A ( A 9
  • 14. ( ( ) ) • +1 1 54 2 (528 4 6 + ( • 4 m K h 4 S m • + ( A m 4 • ) 1 6 1 ) 84 1 g c • 4 4 i • ei D C 4 c • 4 ) d • ) g c • ) • ei D C 4 l c • b 4 S P m+
  • 15. ( • 2 • E(86 24 2 • ) 1 K • 25 8 • E 3 86 24 2 • 2 8 • E 86 24 2
  • 16. • • F1 • F A • A 1 6
  • 17. ! • U R : 8 • • E 4 4 8 • E 4 7K 4 8 • 4 8 1 T56 OP U
  • 19. • )- 0 10 ) 82 -8 0 0 • ()-AN • - S E • PA D SR )- A 9 0
  • 20. ) ( ( ) • + ( w (03 • 62 (03 A S • E Rw (03 w • - 62) W od c • 80 62) 0 :nt c • -1 ) u • Rb w i od c • + ( RK c • • Rw w r
  • 21. ( • : • 8 : AC M B • ) M A RKb - • : B X • 2 1: S R • ( AS
  • 23. • p pE CH rlf Ksa e • S ) : 9 9 2 Brl E p • 4 : 2 9 2 0 4 i m D f p • 4332 2 40 9 2 0 4 i A ns p • S ) ( 42 B)9 2 0 49 9 2 0 4 ) • )9 2 0 49 9 2 0 4 ) P okH i c A ns p
  • 24. • 2C D 4 • I C • F I C • , A I C PD 4
  • 25. • C 9 BH9D A5 IE E ) su hdpm tb nf j • . hdpm tbP Se K i • c 2 • c a nf • nf wg rtP S ol 5 2B 9D" 1BE 5 15::9" 5A 9A 5 A 1 A ::9D9A 5 CBH9D 5A5 IE E J AA 5 A 9DA5 BA5 ,DIC B B I ,BA:9D9A 9 CD A 9D" 9D A" 9 9 69D " ((( 2 c a nf
  • 26. • 2 6 • + 6 • 6 2 2 2 2 6
  • 27. • - ( 2 -( e i a e BA i • P B a • D7 a P B a P B D7 a D f a f a
  • 28. • E ? • 3 b i 2 e • 1 0 e : - 1 D D ?D K68 • 1 0 D = S • 1 0 D K i E - 1 - 1 - 1 1 0 1 0 1 0
  • 29. • b W 2 1 • b - W • i i W 0 2 • W 0 9 b b W b W W W b - W 9 9 9 9 9
  • 30. 3 • E b= : • 1 0 S • S K - 3 2D 2D= 2D 6 • 2DK S e • 2D e S K E - - - ( )
  • 31. • ( : C • () S S C C • A P AE3B 1 • S 1C • DBA 6 (
  • 32. ! • OS E6USD E3 • = E6= 4 2 • PT 3 PT • R ) ( D 162 A OS E
  • 33. • 1 : • 5 S • t p5 • 4 5 • S 6 2 2 • 2 • 6 i 8 6 840 6 • S e 8 b 0 S 7 3 • S 7 p
  • 34. • 0 4 • P6 1 UO • S P b R D 3E T P )(
  • 35. • - e • p1 0 Sb 31 0 • p1 Sb 31 0 i i W W 1 W 1 W 1 05 W W W W 6 p1 0 i i W W W W 1 05 W W W W 6 p1 0
  • 36. • ( (122 10 1 2 0 63 3 oit w : • ) aD • s ) ( • e 12 n Pb • b • t lr P C A P • lr t • t • y P b t oii P
  • 37. • ρ",$ X : • Y: • X , 73 • • %&' (, ) = + ( − -( ) − -) • -( ( Y • + ( ( Y • . ( = +[ ( − -( 0] • ρ",$ 1 1- • ρ",$ = 234 ",$ 5 " 5 $ = 6 "78" $78$ 6[ "78" 9]6[ $78$ 9]
  • 38. • 2 1-0 B • b so = e • 1- e 2 1-0 B K EA S • 1- :B e p B • 1- K B e 3 K 8 1- 1- 1- K
  • 39. • ρ",$ - Y : • , 30 • 19 , 30 : 30 X : 30 30
  • 40. • SD D 4B • P E E D B B • b 1 D 0:CA e
  • 41. • d b [ 7 6 5 x • 6 3 d i 16 p • 6 3 d 16 p • 6 3 16 r 7 6 5 • 7 6 5 28 16 - • 6 3 7 6 5 : ] • 6 3 x s u • 6 3 s uB ]S W 16 Bt e: 6 3 : 16 p • 6 3 6 3 : i 24 y : 16 16 i 6 3 o
  • 42. • 1 • - K [o : e B 4- 6 2 S • 4- 6 2 S 05 e - • u • 1 • s - ] : 8 S K] p b 8 u B i 8 • s - t 8 S Kt pb 8 u B i 8 e - ( 8 3 ( ) 8
  • 44. • P ( 4 ) A • P ) • 4C 4 )
  • 45. • ) ( ))( ( ( • D • !"#(%&) = ∑&*+ ,-. /0 %& + 2 − /.(2) • S m o fb m fb/. i 4., … , 40 n fb/0 5 c!"#(%&)を取得 o SAD(%&)4 %& AD 5 D e
  • 46. • S () 4: • ρ",$ = ∑'() * +',,-+, .',/-./ ∑'() * +',,-+, 0 ∑'() * .',/-./ 0 • 1 6 () • 2 B • 3 B • ℎ : 4: • 5 B
  • 47. b 1 E 1 2 27 ℎ",$ − ℎ$ d B A 7 &",' − (&' b 1 E 1 ) 8 0 ℎ",$ S 84 ℎ",$ − ℎ$ を取得 d B A *7 &",' − (&' S e ), *7 S ρ$,' = ∑"./ 0 ℎ",$ − ℎ$ &",' − (&' ∑"./ 0 ℎ",$ − ℎ$ 1 ∑"./ 0 &",' − (&' 1 e ), *7 2$,'
  • 49. • R il C • . • ) ( ) / • c ) ( ) / • . / 9 . / 9 / / ?4. 9 4 . 4 . A 9 4. . . 49 . 4 .9 4 4 9 / .9 9 /4 9 9 9 . A 9 4. 9 49 A9 A • n • T mk e a fd EhD • o g MC
  • 50. ( ) • be ogit A7 A7 @7 S d r ogit d y c 1E 7 : 49 7 #$# 3E> 0 < $ ,$ , $ 125 -7 :E F 7@> 7 :E F. 49 7 O hpsk l u Te Od • 49 7 iumn t v 7 > F 7@@ C9 7 • 49 7 A7 @7 • C Oa O C9 7 C9 7 , .@C7: E79 F#A7 C9 7 , .F7 A7 E79 F# #A7 $
  • 51. )( • ). 5 • : 5 : S • • ( M • 5 :. " : : 5 5 " : : " 5 . :" "5 1 : 5 : " ":2 =
  • 52. ( ) !" #", … , #& !& 5 2 '()(+,)を取得 SAD(+,) +, def synchronize(trace, reference, window, max_offset): reference_window = reference[window[0]:window[1]] sad = [0] *(max_offset * 2 + 1) for x in range(0, max_offset * 2 + 1): trace_slice = trace[window[0]-max_offset + x:window[1]-max_offset + x] sad[x] = np.sum(np.abs(reference_window - trace_slice)) sad_idx = np.argmin(sad) offset = -max_offset + sad_idx synchronized_trace = trace if offset < 0: synchronized_trace = np.concatenate(([0] * abs(offset), synchronized_trace[:-abs(offset)])) elif offset > 0: synchronized_trace = np.concatenate((synchronized_trace[abs(offset):], [0]*abs(offset))) return synchronized_trace
  • 53. ( )
  • 54. ( 4 4 ! 4 ℎ#,% ℎ#,% − ℎ% を取得 B ' S 4 (#,) − *() b + ∑#-. / ℎ#,% − ℎ% (#,) − *() ∑#-. / ℎ#,% − ℎ% 0 ∑#-. / (#,) − *() 0 ρ%,) = ∑#-. / ℎ#,% − ℎ% (#,) − *() ∑#-. / ℎ#,% − ℎ% 0 ∑#-. / (#,) − *() 0 d 5 ρ%,) ! for k_idx in range(16): # determine key index cpaoutput = [0] *256 # follow valiables may not be need maxcpa = [0] *256 for kguess in range(256): # determine word key candidate sumnum = np.zeros(NUM_POINTS) sumden1 = np.zeros(NUM_POINTS) sumden2 = np.zeros(NUM_POINTS) hyp = np.zeros(NUM_TRACES) for t_idx in range(NUM_TRACES): # hypothesis hamming weight hyp[t_idx] = humming[addkey_subbytes(pt_list[t_idx][k_idx], kguess)] h_mean = np.mean(hyp, dtype=np.float64) t_mean = np.mean(sync_traces, axis = 0, dtype = np.float64) for t_idx in range(NUM_TRACES): hdiff = (hyp[t_idx] - h_mean) tdiff = sync_traces[t_idx] - t_mean sumnum = sumnum + (hdiff * tdiff) sumden1 = sumden1 + hdiff * hdiff sumden2 = sumden2 + tdiff * tdiff cpaoutput[kguess] = sumnum / np.sqrt(sumden1 * sumden2) maxcpa[kguess] = max(abs(cpaoutput[kguess])) bestguess[k_idx] = np.argmax(maxcpa) print "best guess key [{0}] is {1:02x}".format(k_idx, bestguess[k_idx])
  • 55. 12 52 8 1 $ python CPA.py best guess key [1] is fe best guess key [2] is ba best guess key [3] is be best guess key [4] is de best guess key [5] is ad best guess key [6] is be best guess key [7] is ef best guess key [8] is 00 best guess key [9] is 01 best guess key [10] is 02 best guess key [11] is 03 best guess key [12] is 04 best guess key [13] is 05 best guess key [14] is 06 best guess key [15] is 07 Best key guess: CAFEBABEDEADBEEF0001020304050607
  • 56. • , : : • tlu w c • a W g bd M Lro • Ud chn • m ( a W x • . / 6 / / : : : 5 • , ( ) / • ei , • Ud c CR p • ) / s
  • 57. • 0 20 3 • 0 20 5 • W L • 0 20 5 F5C W • $ T • + 7 = $
  • 58. ) ( ( • . c • • . .5 N S W f .8 _ • = aei lC • hg .8 f #Save as ChipWhisperer project tc = TraceContainerNative() for i in range(0, ntraces): tc.addWave(traces['samples'][i]) tc.addTextin(inp[i]) tc.addTextout(out[i]) tc.addKey([0]*16) os.mkdir('rhme3') tc.saveAllTraces('rhme3') tc.config.setConfigFilename('rhme3/rhme.cfg') tc.config.saveTrace()
  • 59. ) ( ( • . • .5 • . 5 9 • C
  • 60. ) ( • - - c • • 0 P e 6 a d • a d • • P P T 1 R
  • 61. )( • 1 -1 6 : R 1 6: a • :1 - 6 :1 • 1 6: R W a • :1 6: eG • d D M E I • : 6: A S b fc • : 0 PM #
  • 62. )(
  • 63. ) ( • A • 1 • R • 3 T 6
  • 64. • • ( ) • E • H C 4 6 I C F • E F S T 4 C • F 6
  • 65. 0
  • 66. • f • 0 8850/ 9 98 0: 60 0: 8 4 0 .: 9 48 8 0 /8 5 8 0 50 0 8 5 8 8 . 0 .: 9 :4 2 81 ) . : . 0: 8 0 0: 4.0 9 ) ( ( :4 2 0 .: 9 • e • ip y ʼ va wrk ou 4 h dn • ʼ va 6 m • s g • xc • b h ʼ tva wrk ou 4 h m ((
  • 67. ) ( • 2 8 7 61 : 1 • 28 2 8 7 2 7.1 • 7 EA • 2 8 7 61 add $t1, $zero, $zero# clear out $t1 ; 00004820 addi $t1, $t1, 0x9e# TEA magic is 0x9e3779b7 ; 2129009E sll $t1, $t1, 8# shift out making room in the bottom 4; 00094a00 addi $t1, $t1, 0x37 ; 21290037
  • 68. ) ( • 8 • : • • 8 6 : {'j1istE9p': [0, … , 0], 'EXdxTejF': [0, … , 0], … }
  • 69. () • + 1( • s0 0 • 0 0 3 9^ e i • m 3 ) 3 41 0 • s 3 k • + 1( • s0 + • )b 3 3 • + t 9 = 6b m 3 • m 3 ) 3 41 0 • 0 a • s 0 k • d: s k9e lw $t8, $zero, 8# k0 mem[8-23] = k ; 8c180008 lw $s7, $zero, 12# k1 ; 8C17000C lw $s6, $zero, 16# k2 ; 8C160010 lw $t3, $zero, 20# k3 now our keys are in registers ; 8c0b0014 sll $s4, $t6, 4# (v1 << 4) ; 000ea100 add $s4, $s4, $t8# +k0 part 1 is in s4 ; 0298a020
  • 70. ) ( • S Z vtoe yr lfPh • s M u Pb i F zgTC jw • / 0 0 /3 c S • R C Makp • 3 : 3 . / 0 • m Makp • 3 : /7 . 0/ / : 7 :
  • 71. ( • 5 07 211070 92. 65 07 6 G • • CU P • 570 2 • H • B
  • 72. • # # / 4 4 M • 4 0 @ 120 1 1 T • 5 • 120 1 1 7 S @ #
  • 73. • 2 8: .3 . /40 7 1 : 3880 : 750 3 1 0 • o kG h • 08 S • o S n • 08 o c b • o c b g a • • o Z • i 2 me
  • 74. • S • 3 + 7+4 • +4+ 7+4 • 44+ 7+4 • P DCA • 3 3+4+4 W DCA • W DCA • DCA
  • 75. 9 SK 6 B DP 5 S 5 EED MC .DMI HM 5SM 0HEEDPDMRH K O UDP M K H MMS K 4MRDPM RH M K /P OR K F / MEDPDMBD OPHMFDP .DPKHM 3DHCDKADPF 1PHB .PHDP / PH R O D /K THDP MC 2P MBH KHTHDP / PPDK RH M O UDP M K H UHR KD J FD CDK 4MRDPM RH M K PJ O M /P OR FP O HB 3 PCU PD MC 1 ADCCDC RD OPHMFDP .DPKHM 3DHCDKADPF mk hai j f_c n 0H ku l bg d e vsw n t t , RRO ,""UUU HO F IO" DBSPHR "DMB" PRB PC"M CD R K 1. o r , RRO,"" R B SDB B IO" 6 : "OCE" 1. 9 :DO PR 5 O MD D OCE / HO H ODPDP UHJH, RRO ,""UHJH MDU D B "/ PPDK RH M 9 UDP M K H ypzku77 , RRO ,""UHJH BKSA SDB B IO"/ 2" KJHR"W O