ASCON dataset
ASCON dataset: building templates for recovering ASCON keys
The ASCON dataset contains recordings of the power-supply current changes of the 32-bit processor STM32F303RCT7, which has one ARM Cortex-M4 core, on a ChipWhisperer-Lite (CW-Lite) board. We used an NI PXIe-5160 10-bit oscilloscope, which can sample at 2.5 GS/s into 2 GB of sampling memory, and an NI PXIe-5423 wave generator, as an external clock signal source, to supply the target board with a 5 MHz square wave signal.
More details of the attack are described in the following paper and thesis:
- Shih-Chun You, Markus G. Kuhn, Sumanta Sarkar, Feng Hao: Low trace-count template attacks on 32-bit implementations of ASCON AEAD. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), Volume 2023, Issue 4 (PDF file).
- Shih-Chun You: Single-trace template attacks on permutation-based cryptography. PhD thesis, 2022, Apollo - University of Cambridge Repository (PDF file).
On this web page, we provide our target source code and the Python scripts for recording the traces on the NI platform.
The scripts that perform and evaluate the template attacks can be found at:
Source code for our targets
The source code of the ASCON AEAD implementations on CW-Lite is available below.
With the parameters and software version that we stated in our paper, you can find the following compiled HEX files for three different versions of ASCON-128 implementations after decompressing the above ZIP file:
- U-Os experiments, an unmasked implementation with compiler optimization option "-Os":
ascon_src/simpleserial-ascon-aead-128/simpleserial-aead-CWLITEARM.hex - U-O3 experiments, an unmasked implementation with compiler optimization option "-O3":
ascon_src/simpleserial-ascon-aead-128-O3/simpleserial-aead-CWLITEARM.hex - M-Os experiments, a masked implementation with compiler optimization option "-Os":
ascon_src/simpleserial-masked-ascon-aead-128/simpleserial-aead-CWLITEARM.hex
Recording scripts
U-Os recordings
The Python scripts to control the recording platform is available below.
When we recorded our traces for experiments, we categorized the traces into five different groups: Reference, Detection, Profiling (Training), Validation, and Attack (Testing). For each there is an independent subdirectroy, which contains the recording control scripts, the pre-generated input data (key, nonces, plaintexts), and the corresponding output data (ciphertexts and tags) for checking:
- NI_RE_code: Reference traces,
- NI_DN_code: Detection traces,
- NI_TR_code: Profiling (Training) traces,
- NI_VA_code: Validation traces,
- NI_TS_code: Attack (Testing) traces.
Meanwhile, the subdirectory "SRC_TEST/simpleserial-ascon-aead-128/" contains the target HEX file, and please execute the following command to write the HEX file onto the CW-Lite board and check the correctness of the implementation:
- python3 test_AEAD_128_Enc.py
U-O3 recordings
The Python scripts to control the recording platform is available below.
When we recorded our traces for experiments, we categorized the traces into five different groups: Reference, Detection, Profiling (Training), Validation, and Attack (Testing). For each there is an independent subdirectroy, which contains the recording control scripts, the pre-generated input data (key, nonces, plaintexts), and the corresponding output data (ciphertexts and tags) for checking:
- NI_RE_code: Reference traces,
- NI_DN_code: Detection traces,
- NI_TR_code: Profiling (Training) traces,
- NI_VA_code: Validation traces,
- NI_TS_code: Attack (Testing) traces.
Meanwhile, the subdirectory "simpleserial-ascon-aead-128-O3/" contains the target HEX file, and please execute the following command to write the HEX file onto the CW-Lite board and check the correctness of the implementation:
- python3 test_AEAD_128_Enc.py
M-Os recordings
The Python scripts to control the recording platform is available below.
When we recorded our traces for experiments, we categorized the traces into six different groups: Pre-detection, Reference, Detection, Profiling (Training), Validation, and Attack (Testing). For each there is an independent subdirectroy, which contains the recording control scripts, the pre-generated input data (key, nonces, plaintexts), and the corresponding output data (ciphertexts and tags) for checking:
- NI_PD_code: Pre-detection traces,
- NI_RE_code: Reference traces,
- NI_DN_code: Detection traces,
- NI_TR_code: Profiling (Training) traces,
- NI_VA_code: Validation traces,
- NI_TS_code: Attack (Testing) traces.
Meanwhile, the subdirectory "SRC_TEST/simpleserial-masked-ascon-aead-128/" contains the target HEX file, and please execute the following command to write the HEX file onto the CW-Lite board and check the correctness of the implementation:
- python3 test_AEAD_128_Enc.py