New! The DPA contest v2 (2009-2010) is online.
Opinion Poll for the 2009-2010 contest edition
The first edition of the contest received 44 submissions. Given this success, a second edition of the DPA contest will be launched at the beginning of November 2009.
As discussed with the plenary audience during the CHES'09 special session dedicated to the 2009-2010 edition, we would like to gather some feedback from prospective players.
We suggest below some ideas for improving the rules and the scenario. Indeed, the DPA contest must evolve to better suit the needs of the CHES community. Please feel free to answer this opinion poll. A summary of all answers will be published on this website before the launch of the second edition. The rules of the second edition will be this document, with the questions replaced by statements.
Rules update
- To enable attacks using pre-characterization, we endeavor to put at the players' disposal a database of measurements taken with random keys.
Question by Guillaume DUC: shall the plaintexts be the same in both databases, or are they random and decorrelated?
Suggestion by Sylvain GUILLEY: having the same plaintexts in both databases implies a 'chosen plaintext' attack scenario. In general, we would like to favor such attacks; however, they are stronger if the plaintext choice depends on the algorithm rather than on the pre-characterization (the attacker has less merit). Therefore, I would suggest having random and decorrelated plaintexts for the two databases.
- We wish the attacks to be independent of the order in which the traces are consumed.
Suggestion by Guillaume DUC: the rule could be to run the attack on x (10-20) subsets of traces chosen randomly from the database and to announce the average number of traces required to break the key.
Opinion of Sylvain GUILLEY: the complete recovery of the key is a strong hypothesis. It could be considered a 'soft' decision to take into account only the probability of a correct key recovery. This would in addition help quantify the amount of exhaustive search needed to finish the SCA attack. Therefore, I agree with Guillaume's suggestion, and I would furthermore add a rule that explains how to compute a probability of success. But the open problem that remains is the method to compare not only an average number of traces, but success probability distributions. This is an issue to discuss with François-Xavier and Jean-Jacques next time we see them.
- Additionally, we expect to reduce to a minimum the amount of initial knowledge about the circuit's characteristics and/or its traces (for instance the temporal localization of the encryption rounds), and more generally to ban the use of undocumented constants in the attack code.
Question by Guillaume DUC: shall we all the same give information about the structure of the algorithm implementation (netlist, high-level description, etc.) or not?
Tentative answer by Sylvain GUILLEY: Yes, we should provide all the design-related information about the attacked circuit. However, the banned constants shall be those that are not present in the public algorithm description.
- We would like to keep the possibility of using a known plaintext/ciphertext pair simultaneously, while forbidding exhaustive search.
Remark by Guillaume DUC: But how about launching an exhaustive search after the first x bits of the key have been found?
Note by Sylvain GUILLEY: This remark is completely relevant. I have no idea how to forbid such a strategy with rules that grant, at least once, simultaneous access to both a plaintext and a ciphertext.
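The subset-based scoring that Guillaume DUC's suggestion and Sylvain GUILLEY's reply above describe, as an added example (not code from the contest page or its organisers): success rate over random trace subsets, average traces to full key recovery, and the exhaustive search left after partial recovery. The attack outcomes are constructed with a seeded random generator standing in for real runs, and byte-wise AES-128 key recovery is assumed.

```python
import random

SUBSETS = 20        # x random trace subsets, as the poll suggests (10-20)
SUBSET_SIZE = 1000  # traces available in each subset
KEY_BYTES = 16      # AES-128: 16 key bytes attacked independently (assumption)

def constructed_outcomes(seed=2009):
    """Constructed stand-in for real attack runs (not contest data): for each
    subset, the trace count after which each key byte is ranked first, or None
    if the byte is never recovered within the subset."""
    rng = random.Random(seed)
    outcomes = []
    for _ in range(SUBSETS):
        per_byte = [int(rng.gauss(400, 120)) for _ in range(KEY_BYTES)]
        outcomes.append([t if 1 <= t <= SUBSET_SIZE else None for t in per_byte])
    return outcomes

def bytes_recovered(per_byte, n):
    """Key bytes a single run has recovered once n traces are consumed."""
    return sum(1 for t in per_byte if t is not None and t <= n)

def success_rate(outcomes, n):
    """Fraction of subsets in which the full key is recovered within n traces:
    the 'probability of a correct key recovery' discussed in the poll."""
    return sum(bytes_recovered(o, n) == KEY_BYTES for o in outcomes) / len(outcomes)

def average_traces_to_break(outcomes):
    """Average, over subsets that recover the whole key, of the traces needed;
    None if no subset succeeds (the plain 'average number of traces' metric)."""
    full = [max(o) for o in outcomes if None not in o]
    return sum(full) / len(full) if full else None

def remaining_search_bits(outcomes, n):
    """Average log2 of the exhaustive search left after n traces: every
    unrecovered byte costs 8 bits, so 128 bits means nothing was learnt."""
    missing = [KEY_BYTES - bytes_recovered(o, n) for o in outcomes]
    return 8 * sum(missing) / len(missing)

if __name__ == "__main__":
    runs = constructed_outcomes()
    print("traces  success_rate  remaining_search_bits")
    for n in range(0, SUBSET_SIZE + 1, 100):
        print(f"{n:6d}  {success_rate(runs, n):12.2f}  {remaining_search_bits(runs, n):21.1f}")
    print("average traces to break:", average_traces_to_break(runs))
```

Comparing two attacks then means comparing the whole success-rate curve (and the remaining-search curve), not only the single average, which is the open problem the comment raises.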
Scenario update
- In the new scenario, we would like to stick to an unprotected circuit, so as to continue learning about evaluation methodologies.
- We intend to move to a SASEBO acquisition board with the open-source EveSoC environment.
Question by Guillaume DUC: Do we allow participants to acquire their own traces and to use them (provided they post them) to participate in the DPA contest?
Suggestion by Sylvain GUILLEY: I would say that we shall encourage this initiative. In the real world, side-channel acquisition and side-channel exploitation are two aspects of the attacks that shall be considered equally important. Therefore, improvement proposals from the experimental side (as opposed to the theoretical side) should be welcomed too. However, with a view to keeping the contest fair, I would suggest that a proposal relying on newly acquired traces should make the traces public, so that any other participant is able to take advantage of this advance.
- We would like to move from DES to AES.
Notice by Guillaume DUC: This is indeed an unavoidable trend.
Notice by Sylvain GUILLEY: All the more so as there is now some open-source and optimized VHDL/Verilog source code available for AES. The ATHENa database launched by Kris Gaj could be a good starting point. Or the NSA benchmarks for the AES candidate selection, as their VHDL source code is available.
- On-demand trace acquisition will be technically difficult to set up this year.
Notice by Guillaume DUC: I agree it would be technically possible, but quality and availability issues are still very complicated.
Reply from Sylvain GUILLEY: But for next year it could be a credible option...
- We are thinking of coupling the attack contest with a secure design contest.
Memo by Sylvain GUILLEY: Assia TRIA would like to launch this initiative. Maybe in January-February during PASTIS'2010?
- Any other suggestions welcome!