katagaitai CTF workshop #10: Correlation Power Analysis against AES

katagaitai
workshop #10
Crypto
by trmr
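$$\operatorname{cov}(X, Y) = E\left[(X - \mu_X)(Y - \mu_Y)\right]$$

$$\operatorname{Var}(X) = E\left[(X - \mu_X)^2\right]$$

$$\rho_{X,Y} = \frac{\operatorname{cov}(X, Y)}{\sigma_X \sigma_Y} = \frac{E\left[(X - \mu_X)(Y - \mu_Y)\right]}{\sqrt{E\left[(X - \mu_X)^2\right] E\left[(Y - \mu_Y)^2\right]}}$$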
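import numpy as np

def synchronize(trace, reference, window, max_offset):
    # Align `trace` to `reference` by minimising the sum of absolute
    # differences (SAD) against reference[window[0]:window[1]].
    # Requires window[0] >= max_offset and window[1] + max_offset <= len(trace).
    reference_window = reference[window[0]:window[1]]
    sad = [0] * (max_offset * 2 + 1)
    for x in range(0, max_offset * 2 + 1):
        trace_slice = trace[window[0] - max_offset + x:window[1] - max_offset + x]
        sad[x] = np.sum(np.abs(reference_window - trace_slice))
    sad_idx = np.argmin(sad)
    offset = -max_offset + sad_idx
    synchronized_trace = trace
    if offset < 0:
        # Best match lies earlier in the trace: shift right, zero-pad the front.
        synchronized_trace = np.concatenate(([0] * abs(offset),
                                             synchronized_trace[:-abs(offset)]))
    elif offset > 0:
        # Best match lies later in the trace: shift left, zero-pad the end.
        synchronized_trace = np.concatenate((synchronized_trace[abs(offset):],
                                             [0] * abs(offset)))
    return synchronized_trace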
$$\rho_{i,j} = \frac{\sum_{d=1}^{D} (h_{d,i} - \bar{h}_i)(t_{d,j} - \bar{t}_j)}{\sqrt{\sum_{d=1}^{D} (h_{d,i} - \bar{h}_i)^2 \sum_{d=1}^{D} (t_{d,j} - \bar{t}_j)^2}}$$
import numpy as np

# pt_list, sync_traces, NUM_TRACES, NUM_POINTS, the Hamming-weight lookup
# table `humming` and addkey_subbytes() are defined elsewhere in CPA.py.
bestguess = [0] * 16
for k_idx in range(16):  # determine key index
    cpaoutput = [0] * 256
    # the following variables may not be needed
    maxcpa = [0] * 256
    for kguess in range(256):  # determine key byte candidate
        sumnum = np.zeros(NUM_POINTS)
        sumden1 = np.zeros(NUM_POINTS)
        sumden2 = np.zeros(NUM_POINTS)
        hyp = np.zeros(NUM_TRACES)
        for t_idx in range(NUM_TRACES):  # hypothetical Hamming weight
            hyp[t_idx] = humming[addkey_subbytes(pt_list[t_idx][k_idx], kguess)]
        h_mean = np.mean(hyp, dtype=np.float64)
        t_mean = np.mean(sync_traces, axis=0, dtype=np.float64)
        for t_idx in range(NUM_TRACES):
            hdiff = (hyp[t_idx] - h_mean)
            tdiff = sync_traces[t_idx] - t_mean
            sumnum = sumnum + (hdiff * tdiff)
            sumden1 = sumden1 + hdiff * hdiff
            sumden2 = sumden2 + tdiff * tdiff
        # Pearson correlation at every sample point for this key guess
        cpaoutput[kguess] = sumnum / np.sqrt(sumden1 * sumden2)
        maxcpa[kguess] = max(abs(cpaoutput[kguess]))
    bestguess[k_idx] = int(np.argmax(maxcpa))
    print("best guess key [{0}] is {1:02x}".format(k_idx, bestguess[k_idx]))
$ python CPA.py
best guess key [1] is fe
best guess key [2] is ba
best guess key [3] is be
best guess key [4] is de
best guess key [5] is ad
best guess key [6] is be
best guess key [7] is ef
best guess key [8] is 00
best guess key [9] is 01
best guess key [10] is 02
best guess key [11] is 03
best guess key [12] is 04
best guess key [13] is 05
best guess key [14] is 06
best guess key [15] is 07
Best key guess: CAFEBABEDEADBEEF0001020304050607
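import os
# Legacy ChipWhisperer trace container (import path assumed; not shown on the slide)
from chipwhisperer.common.traces.TraceContainerNative import TraceContainerNative

# Save as ChipWhisperer project
# traces, inp, out and ntraces are loaded earlier in the script.
tc = TraceContainerNative()
for i in range(0, ntraces):
    tc.addWave(traces['samples'][i])
    tc.addTextin(inp[i])
    tc.addTextout(out[i])
    tc.addKey([0] * 16)  # all-zero key stored with each trace
os.mkdir('rhme3')
tc.saveAllTraces('rhme3')
tc.config.setConfigFilename('rhme3/rhme.cfg')
tc.config.saveTrace()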
add $t1, $zero, $zero   # clear out $t1 ; 00004820
addi $t1, $t1, 0x9e     # TEA magic is 0x9e3779b7 ; 2129009E
sll $t1, $t1, 8         # shift out making room in the bottom 4; 00094a00
addi $t1, $t1, 0x37 ; 21290037
{'j1istE9p': [0, … , 0],
'EXdxTejF': [0, … , 0],
…
}
lw $t8, $zero, 8     # k0 mem[8-23] = k ; 8c180008
lw $s7, $zero, 12    # k1 ; 8C17000C
lw $s6, $zero, 16    # k2 ; 8C160010
lw $t3, $zero, 20    # k3 now our keys are in registers ; 8c0b0014
sll $s4, $t6, 4      # (v1 << 4) ; 000ea100
add $s4, $s4, $t8    # +k0 part 1 is in s4 ; 0298a020
) (
• S Z vtoe yr lfPh
• s M u Pb i F zgTC jw
• / 0 0 /3 c S
• R C Makp
• 3 : 3 . / 0
• m Makp
• 3 : /7 . 0/ / : 7 :
(
• 5 07 211070 92. 65 07 6 G
•
• CU P
• 570 2
• H
• B
• # # / 4 4 M
• 4 0 @
120 1 1 T
• 5
• 120 1 1 7
S @
#
• 2 8: .3 . /40 7 1 : 3880 : 750 3 1 0
• o kG h
• 08 S
• o S n
• 08 o c b
• o c b g a
•
• o Z
• i 2 me
• S
• 3 + 7+4
• +4+ 7+4
• 44+ 7+4
• P DCA
• 3 3+4+4 W DCA
• W DCA
• DCA
9 SK 6 B DP 5 S 5 EED MC .DMI HM 5SM 0HEEDPDMRH K O UDP M K H MMS K 4MRDPM RH M K
/P OR K F / MEDPDMBD OPHMFDP .DPKHM 3DHCDKADPF
1PHB .PHDP / PH R O D /K THDP MC 2P MBH KHTHDP / PPDK RH M O UDP M K H UHR KD J FD
CDK 4MRDPM RH M K PJ O M /P OR FP O HB 3 PCU PD MC 1 ADCCDC RD OPHMFDP
.DPKHM 3DHCDKADPF
mk hai j f_c n 0H ku
l bg d e vsw n t t ,
RRO ,""UUU HO F IO" DBSPHR "DMB" PRB PC"M CD R K
1. o r ,
RRO,"" R B SDB B IO" 6 : "OCE" 1. 9 :DO PR 5 O MD D OCE
/ HO H ODPDP UHJH, RRO ,""UHJH MDU D B "/ PPDK RH M 9 UDP M K H
ypzku77 , RRO ,""UHJH BKSA SDB B IO"/ 2" KJHR"W O
1 of 75

Recommended

katagaitai CTF勉強会 #3 crypto by
katagaitai CTF勉強会 #3 cryptokatagaitai CTF勉強会 #3 crypto
katagaitai CTF勉強会 #3 cryptotrmr
7.4K views85 slides
katagaitai CTF勉強会 #5 Crypto by
katagaitai CTF勉強会 #5 Cryptokatagaitai CTF勉強会 #5 Crypto
katagaitai CTF勉強会 #5 Cryptotrmr
6.4K views149 slides
Katagaitai CTF勉強会 #4 Crypto by
Katagaitai CTF勉強会 #4 CryptoKatagaitai CTF勉強会 #4 Crypto
Katagaitai CTF勉強会 #4 Cryptotrmr
5.1K views59 slides
RSA鍵生成脆弱性ROCAの紹介 by
RSA鍵生成脆弱性ROCAの紹介RSA鍵生成脆弱性ROCAの紹介
RSA鍵生成脆弱性ROCAの紹介MITSUNARI Shigeo
4K views17 slides
初心者向けCTFのWeb分野の強化法 by
初心者向けCTFのWeb分野の強化法初心者向けCTFのWeb分野の強化法
初心者向けCTFのWeb分野の強化法kazkiti
15.8K views38 slides
tcpdumpとtcpreplayとtcprewriteと他。 by
tcpdumpとtcpreplayとtcprewriteと他。tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。(^-^) togakushi
11.9K views20 slides

More Related Content

What's hot

ARMアーキテクチャにおけるセキュリティ機構の紹介 by
ARMアーキテクチャにおけるセキュリティ機構の紹介ARMアーキテクチャにおけるセキュリティ機構の紹介
ARMアーキテクチャにおけるセキュリティ機構の紹介sounakano
621 views18 slides
PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介 by
PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介
PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介T. Suwa
3.8K views84 slides
MCC CTF講習会 pwn編 by
MCC CTF講習会 pwn編MCC CTF講習会 pwn編
MCC CTF講習会 pwn編hama7230
3.2K views45 slides
イベント駆動プログラミングとI/O多重化 by
イベント駆動プログラミングとI/O多重化イベント駆動プログラミングとI/O多重化
イベント駆動プログラミングとI/O多重化Gosuke Miyashita
15.4K views78 slides
ROS2のリアルタイム化に挑む WG初参加 by
ROS2のリアルタイム化に挑む WG初参加ROS2のリアルタイム化に挑む WG初参加
ROS2のリアルタイム化に挑む WG初参加Atsushi Hasegawa
1.5K views8 slides
CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa by
CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato KinugawaCODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa
CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato KinugawaCODE BLUE
25.2K views51 slides

What's hot(20)

ARMアーキテクチャにおけるセキュリティ機構の紹介 by sounakano
ARMアーキテクチャにおけるセキュリティ機構の紹介ARMアーキテクチャにおけるセキュリティ機構の紹介
ARMアーキテクチャにおけるセキュリティ機構の紹介
sounakano621 views
PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介 by T. Suwa
PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介
PPL 2022 招待講演: 静的型つき函数型組版処理システムSATySFiの紹介
T. Suwa3.8K views
MCC CTF講習会 pwn編 by hama7230
MCC CTF講習会 pwn編MCC CTF講習会 pwn編
MCC CTF講習会 pwn編
hama72303.2K views
イベント駆動プログラミングとI/O多重化 by Gosuke Miyashita
イベント駆動プログラミングとI/O多重化イベント駆動プログラミングとI/O多重化
イベント駆動プログラミングとI/O多重化
Gosuke Miyashita15.4K views
ROS2のリアルタイム化に挑む WG初参加 by Atsushi Hasegawa
ROS2のリアルタイム化に挑む WG初参加ROS2のリアルタイム化に挑む WG初参加
ROS2のリアルタイム化に挑む WG初参加
Atsushi Hasegawa1.5K views
CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa by CODE BLUE
CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato KinugawaCODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa
CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa
CODE BLUE25.2K views
SANS Holiday Hack 2017 (非公式ガイド) by Isaac Mathis
SANS Holiday Hack 2017 (非公式ガイド)SANS Holiday Hack 2017 (非公式ガイド)
SANS Holiday Hack 2017 (非公式ガイド)
Isaac Mathis2.9K views
オブジェクト指向エクササイズのススメ by Yoji Kanno
オブジェクト指向エクササイズのススメオブジェクト指向エクササイズのススメ
オブジェクト指向エクササイズのススメ
Yoji Kanno57.2K views
PEGで構文解析をする by jiro4989
PEGで構文解析をするPEGで構文解析をする
PEGで構文解析をする
jiro4989328 views
きつねさんでもわかるLlvm読書会 第2回 by Tomoya Kawanishi
きつねさんでもわかるLlvm読書会 第2回きつねさんでもわかるLlvm読書会 第2回
きつねさんでもわかるLlvm読書会 第2回
Tomoya Kawanishi9.7K views
ペアリングベースの効率的なレベル2準同型暗号(SCIS2018) by MITSUNARI Shigeo
ペアリングベースの効率的なレベル2準同型暗号(SCIS2018)ペアリングベースの効率的なレベル2準同型暗号(SCIS2018)
ペアリングベースの効率的なレベル2準同型暗号(SCIS2018)
MITSUNARI Shigeo4.4K views
デキるプログラマだけが知っているコードレビュー7つの秘訣 by Masahiro Nishimi
デキるプログラマだけが知っているコードレビュー7つの秘訣デキるプログラマだけが知っているコードレビュー7つの秘訣
デキるプログラマだけが知っているコードレビュー7つの秘訣
Masahiro Nishimi160.1K views
Unicode文字列処理 by 信之 岩永
Unicode文字列処理Unicode文字列処理
Unicode文字列処理
信之 岩永2.9K views
M5StackをRustで動かす by Kenta IDA
M5StackをRustで動かすM5StackをRustで動かす
M5StackをRustで動かす
Kenta IDA5.3K views
katagaitai workshop #7 crypto ナップサック暗号と低密度攻撃 by trmr
katagaitai workshop #7 crypto ナップサック暗号と低密度攻撃katagaitai workshop #7 crypto ナップサック暗号と低密度攻撃
katagaitai workshop #7 crypto ナップサック暗号と低密度攻撃
trmr 8.3K views
Pythonの理解を試みる 〜バイトコードインタプリタを作成する〜 by Preferred Networks
Pythonの理解を試みる 〜バイトコードインタプリタを作成する〜Pythonの理解を試みる 〜バイトコードインタプリタを作成する〜
Pythonの理解を試みる 〜バイトコードインタプリタを作成する〜
Preferred Networks14.6K views
究極のゲーム用通信プロトコル “WebRTC” by Ryosuke Otsuya
究極のゲーム用通信プロトコル “WebRTC”究極のゲーム用通信プロトコル “WebRTC”
究極のゲーム用通信プロトコル “WebRTC”
Ryosuke Otsuya9.4K views
RSA暗号運用でやってはいけない n のこと #ssmjp by sonickun
RSA暗号運用でやってはいけない n のこと #ssmjpRSA暗号運用でやってはいけない n のこと #ssmjp
RSA暗号運用でやってはいけない n のこと #ssmjp
sonickun58.5K views

Similar to katagaitai CTF workshop #10 AESに対する相関電力解析

深層学習による非滑らかな関数の推定 by
深層学習による非滑らかな関数の推定深層学習による非滑らかな関数の推定
深層学習による非滑らかな関数の推定Masaaki Imaizumi
15.3K views42 slides
Attention-Based Adaptive Selection of Operations for Image Restoration in the... by
Attention-Based Adaptive Selection of Operations for Image Restoration in the...Attention-Based Adaptive Selection of Operations for Image Restoration in the...
Attention-Based Adaptive Selection of Operations for Image Restoration in the...MasanoriSuganuma
1K views34 slides
Google Polymer in Action by
Google Polymer in ActionGoogle Polymer in Action
Google Polymer in ActionJeongkyu Shin
328 views49 slides
[DL輪読会]Tracking Objects as Points by
[DL輪読会]Tracking Objects as Points[DL輪読会]Tracking Objects as Points
[DL輪読会]Tracking Objects as PointsDeep Learning JP
1.4K views29 slides
[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis by
[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis
[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image SynthesisDeep Learning JP
1.9K views30 slides
【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints by
【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints
【ECCV 2018】CornerNet: Detecting Objects as Paired Keypointscvpaper. challenge
624 views17 slides

Similar to katagaitai CTF workshop #10 AESに対する相関電力解析(20)

深層学習による非滑らかな関数の推定 by Masaaki Imaizumi
深層学習による非滑らかな関数の推定深層学習による非滑らかな関数の推定
深層学習による非滑らかな関数の推定
Masaaki Imaizumi15.3K views
Attention-Based Adaptive Selection of Operations for Image Restoration in the... by MasanoriSuganuma
Attention-Based Adaptive Selection of Operations for Image Restoration in the...Attention-Based Adaptive Selection of Operations for Image Restoration in the...
Attention-Based Adaptive Selection of Operations for Image Restoration in the...
MasanoriSuganuma1K views
Google Polymer in Action by Jeongkyu Shin
Google Polymer in ActionGoogle Polymer in Action
Google Polymer in Action
Jeongkyu Shin328 views
[DL輪読会]Tracking Objects as Points by Deep Learning JP
[DL輪読会]Tracking Objects as Points[DL輪読会]Tracking Objects as Points
[DL輪読会]Tracking Objects as Points
Deep Learning JP1.4K views
[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis by Deep Learning JP
[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis
[DL輪読会]Large Scale GAN Training for High Fidelity Natural Image Synthesis
Deep Learning JP1.9K views
【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints by cvpaper. challenge
【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints
【ECCV 2018】CornerNet: Detecting Objects as Paired Keypoints
cvpaper. challenge624 views
[DL Hacks 実装]Attention is All You Need by Deep Learning JP
[DL Hacks 実装]Attention is All You Need[DL Hacks 実装]Attention is All You Need
[DL Hacks 実装]Attention is All You Need
Deep Learning JP1.1K views
アーリース情報技術株式会社 会社案内 (2019/02/13) by Takeshi Mikami
アーリース情報技術株式会社 会社案内 (2019/02/13)アーリース情報技術株式会社 会社案内 (2019/02/13)
アーリース情報技術株式会社 会社案内 (2019/02/13)
Takeshi Mikami1.2K views
Semi-convolutional Operators for Instance Segmentation by Kento Doi
Semi-convolutional Operators for Instance SegmentationSemi-convolutional Operators for Instance Segmentation
Semi-convolutional Operators for Instance Segmentation
Kento Doi143 views
[DL輪読会]Addressing Failure Prediction by Learning Model Confidence by Deep Learning JP
[DL輪読会]Addressing Failure Prediction by Learning Model Confidence[DL輪読会]Addressing Failure Prediction by Learning Model Confidence
[DL輪読会]Addressing Failure Prediction by Learning Model Confidence
Deep Learning JP410 views
JAWS-UGコンテナ支部#2「EC2」から「ECS」へ by Hiroyasu Suzuki
JAWS-UGコンテナ支部#2「EC2」から「ECS」へJAWS-UGコンテナ支部#2「EC2」から「ECS」へ
JAWS-UGコンテナ支部#2「EC2」から「ECS」へ
Hiroyasu Suzuki1.8K views
[DL Hacks]Deep Neuroevolution: Genetic Algorithms Are a Competitive Alternati... by Deep Learning JP
[DL Hacks]Deep Neuroevolution: Genetic Algorithms Are a Competitive Alternati...[DL Hacks]Deep Neuroevolution: Genetic Algorithms Are a Competitive Alternati...
[DL Hacks]Deep Neuroevolution: Genetic Algorithms Are a Competitive Alternati...
Deep Learning JP2.2K views
kintone on EKS ― EKS で実現するインフラ自動構築パイプライン by Yusuke Nojima
kintone on EKS ― EKS で実現するインフラ自動構築パイプライン kintone on EKS ― EKS で実現するインフラ自動構築パイプライン
kintone on EKS ― EKS で実現するインフラ自動構築パイプライン
Yusuke Nojima2.4K views
OpenStack Summit & KubeConからみるコンテナ技術の最新トレンド (更新版) - OpenStack Day Tokyo 2018講演資料 by VirtualTech Japan Inc.
OpenStack Summit & KubeConからみるコンテナ技術の最新トレンド (更新版) - OpenStack Day Tokyo 2018講演資料OpenStack Summit & KubeConからみるコンテナ技術の最新トレンド (更新版) - OpenStack Day Tokyo 2018講演資料
OpenStack Summit & KubeConからみるコンテナ技術の最新トレンド (更新版) - OpenStack Day Tokyo 2018講演資料
技術とデザインの最適な関係; 技術の意味を与えるデザイン by Tohru Yoshioka-Kobayashi
技術とデザインの最適な関係; 技術の意味を与えるデザイン技術とデザインの最適な関係; 技術の意味を与えるデザイン
技術とデザインの最適な関係; 技術の意味を与えるデザイン
[DL輪読会]Tracking Emerges by Colorizing Videos by Deep Learning JP
[DL輪読会]Tracking Emerges by Colorizing Videos[DL輪読会]Tracking Emerges by Colorizing Videos
[DL輪読会]Tracking Emerges by Colorizing Videos
Deep Learning JP1.1K views
CODE FESTIVAL 2015 解説 by AtCoder Inc.
CODE FESTIVAL 2015 解説CODE FESTIVAL 2015 解説
CODE FESTIVAL 2015 解説
AtCoder Inc.4.9K views
Argoによる機械学習実行基盤の構築・運用からみえてきたこと by Shinsaku Kono
Argoによる機械学習実行基盤の構築・運用からみえてきたことArgoによる機械学習実行基盤の構築・運用からみえてきたこと
Argoによる機械学習実行基盤の構築・運用からみえてきたこと
Shinsaku Kono7.1K views
JTF2018_B30_k8s_operator_nobusue by Nobuhiro Sue
JTF2018_B30_k8s_operator_nobusueJTF2018_B30_k8s_operator_nobusue
JTF2018_B30_k8s_operator_nobusue
Nobuhiro Sue1.6K views

Recently uploaded

Confidence in CloudStack - Aron Wagner, Nathan Gleason - Americ by
Confidence in CloudStack - Aron Wagner, Nathan Gleason - AmericConfidence in CloudStack - Aron Wagner, Nathan Gleason - Americ
Confidence in CloudStack - Aron Wagner, Nathan Gleason - AmericShapeBlue
88 views9 slides
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha... by
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...ShapeBlue
138 views18 slides
State of the Union - Rohit Yadav - Apache CloudStack by
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStackShapeBlue
253 views53 slides
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...The Digital Insurer
86 views52 slides
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueShapeBlue
94 views13 slides
Kyo - Functional Scala 2023.pdf by
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
449 views92 slides

Recently uploaded(20)

Confidence in CloudStack - Aron Wagner, Nathan Gleason - Americ by ShapeBlue
Confidence in CloudStack - Aron Wagner, Nathan Gleason - AmericConfidence in CloudStack - Aron Wagner, Nathan Gleason - Americ
Confidence in CloudStack - Aron Wagner, Nathan Gleason - Americ
ShapeBlue88 views
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha... by ShapeBlue
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
ShapeBlue138 views
State of the Union - Rohit Yadav - Apache CloudStack by ShapeBlue
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStack
ShapeBlue253 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
ShapeBlue94 views
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ... by ShapeBlue
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
ShapeBlue144 views
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ... by ShapeBlue
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
ShapeBlue79 views
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda... by ShapeBlue
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
ShapeBlue120 views
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online by ShapeBlue
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
ShapeBlue181 views
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P... by ShapeBlue
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
ShapeBlue154 views
Initiating and Advancing Your Strategic GIS Governance Strategy by Safe Software
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance Strategy
Safe Software140 views
DRBD Deep Dive - Philipp Reisner - LINBIT by ShapeBlue
DRBD Deep Dive - Philipp Reisner - LINBITDRBD Deep Dive - Philipp Reisner - LINBIT
DRBD Deep Dive - Philipp Reisner - LINBIT
ShapeBlue140 views
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by ShapeBlue
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
ShapeBlue98 views
"Surviving highload with Node.js", Andrii Shumada by Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays53 views
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue by ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
ShapeBlue179 views
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT by ShapeBlue
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITUpdates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
ShapeBlue166 views
Business Analyst Series 2023 - Week 4 Session 8 by DianaGray10
Business Analyst Series 2023 -  Week 4 Session 8Business Analyst Series 2023 -  Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8
DianaGray1086 views

katagaitai CTF workshop #10 AESに対する相関電力解析

  • 2. • T • C F • 22 3 • T 3 • F 3 C
  • 3. • 9C9 9 C9 Nx eN • # F # E MN oP • # E k tgRhL78 • # ( sE 7240 • # ( E 865l Sx Nn • # ( E 1 C l Sx Nn • # ) sE ( gN I3 C 0 C C A • # ) sE ) x P • # ) E Sx • # sE x P • # sE x P • # E # ia • # E x P
  • 5. • ( C t dg : o V • R( C S( T Fnp ws • ( E • • : • 5 ) • t bcfi • ( • r • : : : 5 A : • ce k • R M ce kH E • chla uyHmIE
  • 6. • i M • e Wt t • e W t • e W rh a c y H • rh B y H • d W ku • H 6 ( 2 ( w • e W S tx o 2 l a c ) 2 2 HG
  • 7. & • 50772842 • F H c • a • ::01 eF DC • 2 2892 e EDA DC • T S •
  • 8. • xt ro xt xt b e k • xt ro xt 8c l :e • ro xt 8c l :e • ro a g c b e k xt (+ xt xt . xt a y )/(
  • 9. • w : c n • - R Iue j A cS9 • j w l a M 9 n • - F t i M 9 I C t n • n w • 9 9T A d S9 • kdn w • okd I C cS9
  • 10. • eoimGf w u c c Ta • v wW u sSa • w r u pO • w hjod gGf 0 B Pa W • w hjod • klntgGf O • Qb_ q a BB E E/ 1 B /:. . : ./. : /:. 1B / 1 A B 1 B/ B
  • 13. • /03 /4D4 0 6 AD 3D4 4 • fed • 18 D8 bc ed • Kb • ( 5 D S f • 23. 28 36 8 E : . : D a DDA - 6 6 D : F 6 6 8 4 AE5 64D 9 A ( 4 6 F8 ) 6E 8 D 9 A ( A 9
  • 14. ( ( ) ) • +1 1 54 2 (528 4 6 + ( • 4 m K h 4 S m • + ( A m 4 • ) 1 6 1 ) 84 1 g c • 4 4 i • ei D C 4 c • 4 ) d • ) g c • ) • ei D C 4 l c • b 4 S P m+
  • 15. ( • 2 • E(86 24 2 • ) 1 K • 25 8 • E 3 86 24 2 • 2 8 • E 86 24 2
  • 16. • • F1 • F A • A 1 6
  • 17. ! • U R : 8 • • E 4 4 8 • E 4 7K 4 8 • 4 8 1 T56 OP U
  • 19. • )- 0 10 ) 82 -8 0 0 • ()-AN • - S E • PA D SR )- A 9 0
  • 20. ) ( ( ) • + ( w (03 • 62 (03 A S • E Rw (03 w • - 62) W od c • 80 62) 0 :nt c • -1 ) u • Rb w i od c • + ( RK c • • Rw w r
  • 21. ( • : • 8 : AC M B • ) M A RKb - • : B X • 2 1: S R • ( AS
  • 23. • p pE CH rlf Ksa e • S ) : 9 9 2 Brl E p • 4 : 2 9 2 0 4 i m D f p • 4332 2 40 9 2 0 4 i A ns p • S ) ( 42 B)9 2 0 49 9 2 0 4 ) • )9 2 0 49 9 2 0 4 ) P okH i c A ns p
  • 24. • 2C D 4 • I C • F I C • , A I C PD 4
  • 25. • C 9 BH9D A5 IE E ) su hdpm tb nf j • . hdpm tbP Se K i • c 2 • c a nf • nf wg rtP S ol 5 2B 9D" 1BE 5 15::9" 5A 9A 5 A 1 A ::9D9A 5 CBH9D 5A5 IE E J AA 5 A 9DA5 BA5 ,DIC B B I ,BA:9D9A 9 CD A 9D" 9D A" 9 9 69D " ((( 2 c a nf
  • 26. • 2 6 • + 6 • 6 2 2 2 2 6
  • 27. • - ( 2 -( e i a e BA i • P B a • D7 a P B a P B D7 a D f a f a
  • 28. • E ? • 3 b i 2 e • 1 0 e : - 1 D D ?D K68 • 1 0 D = S • 1 0 D K i E - 1 - 1 - 1 1 0 1 0 1 0
  • 29. • b W 2 1 • b - W • i i W 0 2 • W 0 9 b b W b W W W b - W 9 9 9 9 9
  • 30. 3 • E b= : • 1 0 S • S K - 3 2D 2D= 2D 6 • 2DK S e • 2D e S K E - - - ( )
  • 31. • ( : C • () S S C C • A P AE3B 1 • S 1C • DBA 6 (
  • 32. ! • OS E6USD E3 • = E6= 4 2 • PT 3 PT • R ) ( D 162 A OS E
  • 33. • 1 : • 5 S • t p5 • 4 5 • S 6 2 2 • 2 • 6 i 8 6 840 6 • S e 8 b 0 S 7 3 • S 7 p
  • 34. • 0 4 • P6 1 UO • S P b R D 3E T P )(
  • 35. • - e • p1 0 Sb 31 0 • p1 Sb 31 0 i i W W 1 W 1 W 1 05 W W W W 6 p1 0 i i W W W W 1 05 W W W W 6 p1 0
  • 36. • ( (122 10 1 2 0 63 3 oit w : • ) aD • s ) ( • e 12 n Pb • b • t lr P C A P • lr t • t • y P b t oii P
  • 37. • ρ",$ X : • Y: • X , 73 • • %&' (, ) = + ( − -( ) − -) • -( ( Y • + ( ( Y • . ( = +[ ( − -( 0] • ρ",$ 1 1- • ρ",$ = 234 ",$ 5 " 5 $ = 6 "78" $78$ 6[ "78" 9]6[ $78$ 9]
  • 38. • 2 1-0 B • b so = e • 1- e 2 1-0 B K EA S • 1- :B e p B • 1- K B e 3 K 8 1- 1- 1- K
  • 39. • ρ",$ - Y : • , 30 • 19 , 30 : 30 X : 30 30
  • 40. • SD D 4B • P E E D B B • b 1 D 0:CA e
  • 41. • d b [ 7 6 5 x • 6 3 d i 16 p • 6 3 d 16 p • 6 3 16 r 7 6 5 • 7 6 5 28 16 - • 6 3 7 6 5 : ] • 6 3 x s u • 6 3 s uB ]S W 16 Bt e: 6 3 : 16 p • 6 3 6 3 : i 24 y : 16 16 i 6 3 o
  • 42. • 1 • - K [o : e B 4- 6 2 S • 4- 6 2 S 05 e - • u • 1 • s - ] : 8 S K] p b 8 u B i 8 • s - t 8 S Kt pb 8 u B i 8 e - ( 8 3 ( ) 8
  • 44. • P ( 4 ) A • P ) • 4C 4 )
  • 45. • ) ( ))( ( ( • D • !"#(%&) = ∑&*+ ,-. /0 %& + 2 − /.(2) • S m o fb m fb/. i 4., … , 40 n fb/0 5 c!"#(%&)を取得 o SAD(%&)4 %& AD 5 D e
  • 46. • S () 4: • ρ",$ = ∑'() * +',,-+, .',/-./ ∑'() * +',,-+, 0 ∑'() * .',/-./ 0 • 1 6 () • 2 B • 3 B • ℎ : 4: • 5 B
  • 47. b 1 E 1 2 27 ℎ",$ − ℎ$ d B A 7 &",' − (&' b 1 E 1 ) 8 0 ℎ",$ S 84 ℎ",$ − ℎ$ を取得 d B A *7 &",' − (&' S e ), *7 S ρ$,' = ∑"./ 0 ℎ",$ − ℎ$ &",' − (&' ∑"./ 0 ℎ",$ − ℎ$ 1 ∑"./ 0 &",' − (&' 1 e ), *7 2$,'
  • 49. • R il C • . • ) ( ) / • c ) ( ) / • . / 9 . / 9 / / ?4. 9 4 . 4 . A 9 4. . . 49 . 4 .9 4 4 9 / .9 9 /4 9 9 9 . A 9 4. 9 49 A9 A • n • T mk e a fd EhD • o g MC
  • 50. ( ) • be ogit A7 A7 @7 S d r ogit d y c 1E 7 : 49 7 #$# 3E> 0 < $ ,$ , $ 125 -7 :E F 7@> 7 :E F. 49 7 O hpsk l u Te Od • 49 7 iumn t v 7 > F 7@@ C9 7 • 49 7 A7 @7 • C Oa O C9 7 C9 7 , .@C7: E79 F#A7 C9 7 , .F7 A7 E79 F# #A7 $
  • 51. )( • ). 5 • : 5 : S • • ( M • 5 :. " : : 5 5 " : : " 5 . :" "5 1 : 5 : " ":2 =
  • 52. ( ) !" #", … , #& !& 5 2 '()(+,)を取得 SAD(+,) +, def synchronize(trace, reference, window, max_offset): reference_window = reference[window[0]:window[1]] sad = [0] *(max_offset * 2 + 1) for x in range(0, max_offset * 2 + 1): trace_slice = trace[window[0]-max_offset + x:window[1]-max_offset + x] sad[x] = np.sum(np.abs(reference_window - trace_slice)) sad_idx = np.argmin(sad) offset = -max_offset + sad_idx synchronized_trace = trace if offset < 0: synchronized_trace = np.concatenate(([0] * abs(offset), synchronized_trace[:-abs(offset)])) elif offset > 0: synchronized_trace = np.concatenate((synchronized_trace[abs(offset):], [0]*abs(offset))) return synchronized_trace
  • 54. Obtain $h_{d,i} - \bar{h}_i$ and $t_{d,j} - \bar{t}_j$, compute
      $$\rho_{i,j} = \frac{\sum_{d=1}^{D} (h_{d,i} - \bar{h}_i)(t_{d,j} - \bar{t}_j)}{\sqrt{\sum_{d=1}^{D} (h_{d,i} - \bar{h}_i)^2 \sum_{d=1}^{D} (t_{d,j} - \bar{t}_j)^2}}$$
    and take the key guess with the largest $|\rho_{i,j}|$:

      import numpy as np

      # pt_list, sync_traces, humming, addkey_subbytes, bestguess,
      # NUM_TRACES and NUM_POINTS are defined earlier in the script.
      for k_idx in range(16):  # determine key index
          cpaoutput = [0] * 256
          # the following variable may not be needed
          maxcpa = [0] * 256
          for kguess in range(256):  # determine word key candidate
              sumnum = np.zeros(NUM_POINTS)
              sumden1 = np.zeros(NUM_POINTS)
              sumden2 = np.zeros(NUM_POINTS)
              hyp = np.zeros(NUM_TRACES)
              for t_idx in range(NUM_TRACES):
                  # hypothesis hamming weight
                  hyp[t_idx] = humming[addkey_subbytes(pt_list[t_idx][k_idx], kguess)]
              h_mean = np.mean(hyp, dtype=np.float64)
              t_mean = np.mean(sync_traces, axis=0, dtype=np.float64)
              for t_idx in range(NUM_TRACES):
                  hdiff = (hyp[t_idx] - h_mean)
                  tdiff = sync_traces[t_idx] - t_mean
                  sumnum = sumnum + (hdiff * tdiff)
                  sumden1 = sumden1 + hdiff * hdiff
                  sumden2 = sumden2 + tdiff * tdiff
              # correlation per sample point; keep the peak absolute value
              cpaoutput[kguess] = sumnum / np.sqrt(sumden1 * sumden2)
              maxcpa[kguess] = max(abs(cpaoutput[kguess]))
          bestguess[k_idx] = np.argmax(maxcpa)
          print("best guess key [{0}] is {1:02x}".format(k_idx, bestguess[k_idx]))
  • 55.
      $ python CPA.py
      best guess key [1] is fe
      best guess key [2] is ba
      best guess key [3] is be
      best guess key [4] is de
      best guess key [5] is ad
      best guess key [6] is be
      best guess key [7] is ef
      best guess key [8] is 00
      best guess key [9] is 01
      best guess key [10] is 02
      best guess key [11] is 03
      best guess key [12] is 04
      best guess key [13] is 05
      best guess key [14] is 06
      best guess key [15] is 07
      Best key guess: CAFEBABEDEADBEEF0001020304050607
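The correlation step from slide 54, run end to end on constructed data, as an added example that is not code from the original slides. It builds the AES S-box from its definition, simulates traces whose only leak is HW(SBOX[pt ^ key]) at one sample on top of Gaussian noise, and computes ρ for all 256 guesses in one matrix product; the function names, trace count, noise level and the sample key byte 0xCA are assumptions made for the demonstration.

```python
import numpy as np

def aes_sbox():
    """Build the AES S-box: GF(2^8) inverse followed by the affine map."""
    def gmul(a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            a = ((a << 1) ^ 0x11B) & 0xFF if a & 0x80 else a << 1
            b >>= 1
        return r
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for sh in range(1, 5):
            s ^= ((inv << sh) | (inv >> (8 - sh))) & 0xFF
        sbox.append(s)
    return np.array(sbox, dtype=np.uint8)

SBOX = aes_sbox()
HW = np.array([bin(v).count("1") for v in range(256)])  # Hamming weight table

def simulate_traces(key_byte, n_traces=500, n_points=40, leak_at=17, seed=1):
    """Constructed traces: unit Gaussian noise plus the leak at one sample."""
    rng = np.random.default_rng(seed)
    pts = rng.integers(0, 256, n_traces)
    traces = rng.normal(0.0, 1.0, (n_traces, n_points))
    traces[:, leak_at] += HW[SBOX[pts ^ key_byte]]
    return pts, traces

def cpa_byte(pts, traces):
    """Return (best guess, peak |rho| for each of the 256 guesses)."""
    guesses = np.arange(256)
    hyp = HW[SBOX[pts[:, None] ^ guesses[None, :]]].astype(np.float64)
    hdiff = hyp - hyp.mean(axis=0)        # h_{d,i} - mean(h_i), shape (D, 256)
    tdiff = traces - traces.mean(axis=0)  # t_{d,j} - mean(t_j), shape (D, points)
    num = hdiff.T @ tdiff                 # numerator for every (i, j) pair
    den = np.sqrt(np.outer((hdiff ** 2).sum(axis=0), (tdiff ** 2).sum(axis=0)))
    peak = np.abs(num / den).max(axis=1)
    return int(np.argmax(peak)), peak

if __name__ == "__main__":
    pts, traces = simulate_traces(0xCA)   # 0xCA is a sample value for the demo
    best, peak = cpa_byte(pts, traces)
    print("best guess: {0:02x}, peak |rho| = {1:.3f}".format(best, peak[best]))
```

Raising the noise level or lowering `n_traces` in `simulate_traces` shows how quickly the gap between the correct guess and the runners-up closes, which is the margin that noise-based and masking countermeasures aim to remove.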
  • 58.
      import os
      from chipwhisperer.common.traces.TraceContainerNative import TraceContainerNative

      # Save as ChipWhisperer project
      # (traces, inp, out and ntraces come from the capture step)
      tc = TraceContainerNative()
      for i in range(0, ntraces):
          tc.addWave(traces['samples'][i])
          tc.addTextin(inp[i])
          tc.addTextout(out[i])
          tc.addKey([0]*16)  # key is unknown, store a placeholder
      os.mkdir('rhme3')
      tc.saveAllTraces('rhme3')
      tc.config.setConfigFilename('rhme3/rhme.cfg')
      tc.config.saveTrace()
  • 67.
      add  $t1, $zero, $zero   # clear out $t1 ; 00004820
      addi $t1, $t1, 0x9e      # TEA magic is 0x9e3779b7 ; 2129009E
      sll  $t1, $t1, 8         # shift out making room in the bottom 4; 00094a00
      addi $t1, $t1, 0x37      # ; 21290037
  • 68. {'j1istE9p': [0, … , 0], 'EXdxTejF': [0, … , 0], … }
  • 69.
      lw  $t8, $zero, 8        # k0 mem[8-23] = k ; 8c180008
      lw  $s7, $zero, 12       # k1 ; 8C17000C
      lw  $s6, $zero, 16       # k2 ; 8C160010
      lw  $t3, $zero, 20       # k3 now our keys are in registers ; 8c0b0014
      sll $s4, $t6, 4          # (v1 << 4) ; 000ea100
      add $s4, $s4, $t8        # +k0 part 1 is in s4 ; 0298a020