spook / HW_CTF
Commit a6031b2f authored May 04, 2020 by Momin Charles
Update README.md
parent 7195d2da
Showing 1 changed file with 5 additions and 4 deletions
README.md
...
...
@@ -252,11 +252,12 @@ the [spook_MSK.v](spook_msk/hdl/mode_hdl/spook_MSK.v) file:
### Protected Clyde core
The protected version of Clyde is implemented using the masking countermeasure. The masking scheme considered
is the glitch-resistant variation of Ishai et al.'s private circuits proposed by
[
Cassiers et al
](
https://eprint.iacr.org/2020/185
)
.
Next
, the amount of shares used for the masking scheme is denoted by
`d`
.
For the rest of the file
, the amount of shares used for the masking scheme is denoted by
`d`
.
As shown next, the Clyde module is separated in two mechanisms: the Clyde computation itself and the
generation/handling of the randomness. The computation takes as input the sharing of the key (i.e., the
`sharing_key`
bus), the
tweak (i.e., the
`tweak`
bus) and either the plaintext or the ciphertext (i.e., the
`data_in`
bus). The control signal
`inverse`
is used to
specify to the core which operation (i.e., encryption or decryption) is currently perfomed. Next, control signals will be represented in blue.
specify to the core which operation (i.e., encryption or decryption) is currently performed. for the rest of the file, control
signals will be represented in blue.
The randomness is generated by using two (similar) instances of a maximum length
[
128-bits LFSR
](
https://www.xilinx.com/support/documentation/application_notes/xapp210.pdf
)
(
i.e.,
the
`prng_unit`
module). Seeds can be
...
...
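Review bot: The rewritten control-signal sentence now reads "performed. for the rest of the file, control signals will be represented in blue." with a lowercase "for" opening the sentence; capitalize it so it matches the other changed line ("For the rest of the file, the amount of shares ..."). Since these lines are being touched anyway, "amount of shares" would read better as "number of shares", and "128-bits LFSR" in the trailing context as "128-bit LFSR".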
@@ -393,7 +394,7 @@ As mentionned above, the [simu](spook_msk/simu) contains the simulation script
+
**Testvectors generation**
: this process generates the different commands that will be sent to the
core based on the file specified. Those commands are formatted similarly to the NIST LWC testvectors files.
This is done using the
[
gen_tv.py
](
spook_hw_api/gen_tv.py
)
script. Basically, this script uses a
[
spook_api_builder
](
spook_hw_api/spook_api_builder.py
)
instance to build the sucessive commands based on
[
spook_api_builder
](
spook_hw_api/spook_api_builder.py
)
instance to build the suc
c
essive commands based on
a NIST LWC TVs file. These commands are then written in another file that is read during the simulation
process.
+
**Simulation file building**
: the simulation file is built using Iverilog.
...
...
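Review bot: The section line shown in this hunk's header still reads "As mentionned above", so the commit fixes "sucessive" in the Testvectors generation bullet but leaves a misspelling two lines above it; correct it to "mentioned" in the same change. In the same bullet, "written in another file" would be clearer as "written to another file".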
@@ -404,7 +405,7 @@ parameters and process flow can be found in the [sim_spook_MSK.sh](spook_msk/sim
## CTF Data Sets
In the context of the challenge, various data sets are available for each target
s (i.e., using 2,3 and 4 shares)
In the context of the challenge, various data sets are available for each target
(i.e., using 2,3 and 4 shares).
Each set contains traces as well as the corresponding data processed. The measurements were performed on
a
[
Sakura-G board
](
http://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-G.html
)
with an HW architecture generated with
`PDSBOX`
=2 and
`PDLBOX`
=1. Six different sets are provided: 1 containing 10M traces with random inputs (typically used for profiling) and
...
...
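Review bot: The corrected sentence in the CTF Data Sets paragraph still has "2,3 and 4 shares" with no space after the first comma; write "2, 3 and 4 shares". The context line below mixes a spelled-out count with a numeral ("Six different sets are provided: 1 containing 10M traces"); pick one form for the set counts.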