DPA BOOK: Power Analysis Attacks - Revealing the Secrets of Smartcards
www.dpabook.org 上有完整的能量轨迹数据和matlab代码
下面仅介绍相关代码:
load('WS3.mat');
% 加载工作区WorkSpace数据,有三个矩阵:
% aes_plaintexts:
% 明文输入值,大小为1000*16。1000表示1000个明文
% 由于每次分析8bits,因此128bits明文拆为每列8bits*16列
% traces_noDummy:
% 实测轨迹,没有插入Dummy保护。大小1000*25000
% 对1000个明文,每个采样25000个能量泄露点
% traces_withDummy:
% 实测轨迹,插入Dummy保护。大小1000*25000
samples = 1000;
% 1000个明文即1000条采样轨迹数
analyzed_traces = 'traces_noDummy';
%analyzed_traces = 'traces_withDummy';
byte_to_attack = 1;
%选择攻击的位置,第1个byte。共16个byte
delta = 9441-6729;
more off
%禁用分页输出
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Prepare plaintexts
D = aes_plaintexts(1:samples, byte_to_attack);
clear aes_plaintexts byte_to_attack
% Prepare traces
eval(sprintf('traces = %s(1:samples, :);', analyzed_traces));
clear analyzed_traces
% eval(str):将括号内的字符串str视为可执行语句,并运行
K = uint8(0:255);
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% TASK 2
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Calculate hypothetical intermediate values
V = SubBytes(bitxor(repmat(D, 1, length(K)), repmat(K, samples, 1)) + 1);
% repmat函数见最后
% Calculate hypothetical power consumption
H = HW(V+1);
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Calculate correlation
tr_length = size(traces, 2);
R = zeros(length(K), tr_length);
for key_idx = uint16(K)+1
fprintf('Working on key guess = %d\n', K(key_idx));
for k = 1:tr_length
r = corrcoef( [double(H(:,key_idx)) double(traces(:,k))] );
% corrcoef计算两个列向量相关系数,返回协方差矩阵矩阵r
R(key_idx, k) = r(1, 2);
% r(1, 2)为两个向量的相关系数(协方差)
end
end
clear key_idx k r
[rmax,rn]=max(max(R'));
% 返回R中最大值rmax及其行号rn,可得猜测密钥K(rn) ;max函数见最后
% fprintf('Key byte is most likely: %d\n', K(rn));
% plot(R(rn,:));
显示相关系数图像 show_plots函数
exist()
检查变量、脚本、函数、文件夹或类的存在情况
MATLAB的repmat函数
B = repmat(A,r,c)
将A向下(行方向)复制n次,向右(列方向)复制c次。(中间填充的也是矩阵A)
如:
A = 1:4;
B = repmat(A,4,1)
B =
1 2 3 4
1 2 3 4
1 2 3 4
1 2 3 4
MATLAB的max函数