 | |
 | |
 | |
 | |
 | |
 | |
 | |
 | |
 | |
 | |
 | |
 |
Mid-term review of the DPA contestSylvain GUILLEY |
|
|---|---|
|
The DPA contest is a one-year international competition open to any participant from academia, industry and governmental bodies. A large database of side-channel measurements acquired from a cryptographic IC along with a reference attack is provided online from the website http://www.dpacontest.org/ The goal of the contest is to devise attacks that extract the secret key normally concealed into the IC but leaked by the side-channel using as few of them. At about the half of contest duration, the source code of 19 attacks have been posted, the best of which currently requires 145 times less side-channel traces than the original attack of Paul Kocher! We first present in this talk a synthetic overview of the side-channel extraction innovations that have been submitted so far. Then, we assess independently the submitted attack source codes, by replaying them on other targets, namely (i) an ideal leakage model, (ii) a SASEBO-B and (iii) a commercial FPGA evaluation board. These confrontations clearly show which contribution can be adapted to another situation and which are crafted especially for the DPA contest. Eventually, we discussed some issues related to the attacks rating; indeed, some participants, amongst them the UCL crypto group [IACR eprint 2008/517] pinpointed that for the attack score to be representative, it should consist in a statistical success rate obtained from various side-channel inputs. This effort will yield some recommendations about the crucial problem of attacks comparison, that is very structuring for our embedded security community. The talk will conclude on some ideas to improve the DPA contest usefulness. It is foreseen that the 2009-2010 edition will consist in attacking protected implementations, using side-channel measurements obtained (for some of them) on-demand from a live FPGA. |
|