CHES 2023 Challenge Rules

Since 2015, a crypto-engineering challenge has been organized every year in cooperation with the international conference CHES (Cryptographic Hardware and Embedded Systems).

This year the challenge has been organized by the Simple Crypto association, and consisted of exhibiting the best side-channel attack against SMAesH, a new open-source masked hardware implementation of the AES.

The implementation is based on the Hardware Private Circuits (HPC) masking scheme (at first order), which provides state-of-the-art guarantees in terms of resistance against physical defaults (e.g., glitches) and composability. It relies on a 32-bit architecture such that worst-case security evaluations are expected to require non-trivial attacks.

The challenge considers two FPGA targets and attack settings. The first (more noisy) target is an Artix-7 FPGA. For this one, the challengers are provided with a profiling set that includes the masking randomness. It aims to facilitate worst-case analysis. The second (less noisy) target is a Spartan-6. For this one the challengers are provided with a profiling set that does not include the masking randomness, which is closer to most current evaluation settings.

Challengers who submit implementations of their attacks will be evaluated on a private test dataset and rated based on the number of measurements needed to reduce the rank of the master key below a given threshold using a rank estimation algorithm. A working demonstration attack is provided by the organizers, and challengers may gain first points by just submitting this attack and evaluating the number of traces it requires more or less aggressively during the first two weeks of the challenge (beware the results on the private test set may slightly differ from those on the validation one). All the attacks submitted will be made public to all challengers (under an open source license).

NinjaLab Contribution

Our (former) ninja Valence Cristiani participated in the CHES 2023 challenge in two ways:

  • Honest guy approach

    This approach consisted of building the huge graph from the AES Sbox tower field equations, making more than 4000 Gaussian templates (2 for each node since it’s masked), and applying the belief propagation algorithm (SASCA) to recover the key.

  • Bad guy approach

    This approach consisted of using another side channel: the evaluation framework itself, which leaks some information. Aggregating many well-crafted submissions may thus allow enough information on the key to be extracted (13 submissions were enough). It allowed a zero-trace attack to be submitted!
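
The masked-node step behind the "Honest guy approach", as an added example that is not NinjaLab's or the challenge organizers' code: each of the two shares of a node gets its own Gaussian template, and an XOR factor combines the two beliefs into a belief on the unmasked value. It assumes a 4-bit toy value instead of the AES tower-field graph, a Hamming-weight leakage model and simulated traces; all names and parameters are hypothetical.

```python
import math
import random

N = 16        # 4-bit toy values instead of AES bytes (assumption)
SIGMA = 0.3   # constructed noise level of the simulated leakage
HW = [bin(v).count("1") for v in range(N)]

def template(leak, sigma=SIGMA):
    """Gaussian template: P(share = v | leak), normalised over all v."""
    like = [math.exp(-0.5 * ((leak - HW[v]) / sigma) ** 2) for v in range(N)]
    total = sum(like)
    return [p / total for p in like]

def xor_factor(p0, p1):
    """Belief-propagation message through the factor x = s0 ^ s1, towards x."""
    return [sum(p0[a] * p1[a ^ x] for a in range(N)) for x in range(N)]

def simulate(key, n_traces, seed=1):
    """Constructed traces: (plaintext, leak of share 0, leak of share 1)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        p, s0 = rng.randrange(N), rng.randrange(N)  # s0 is the fresh mask
        s1 = (key ^ p) ^ s0                         # second share of x = key ^ p
        traces.append((p, HW[s0] + rng.gauss(0, SIGMA),
                       HW[s1] + rng.gauss(0, SIGMA)))
    return traces

def key_scores(traces):
    """Log-likelihood of each key guess, accumulated over all traces."""
    scores = [0.0] * N
    for p, l0, l1 in traces:
        px = xor_factor(template(l0), template(l1))  # belief on the unmasked x
        for k in range(N):
            scores[k] += math.log(px[k ^ p] + 1e-300)
    return scores

def best_key(traces):
    """Key guess with the highest accumulated log-likelihood."""
    scores = key_scores(traces)
    return max(range(N), key=scores.__getitem__)

if __name__ == "__main__":
    print("recovered key:", best_key(simulate(key=0xB, n_traces=1000)))
```

Feeding `xor_factor` one template and a uniform distribution returns a uniform belief on the unmasked value, which is why a first-order masked node needs a template on each share.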

The slides of the presentation given during the CHES 2023 rump session by Valence Cristiani explaining his contributions can be found here:

Results

  • A7_d2 implementation (Xilinx Artix-7):
    • Most points: Valence Cristiani (team mAEStro)
    • Best attack: Valence Cristiani (team mAEStro)

  • S6_d2 implementation (Xilinx Spartan-6):
    • Most points: Valence Cristiani (team mAEStro)
    • Best attack: Thomas Marquet (team Morningstar)

  • Valence Cristiani (NinjaLab) is awarded 1000 USD

  • Thomas Marquet (AAU) is awarded 500 USD

The slides of the presentation given during the CHES 2023 rump session by the CHES 2023 challenge organizers, and by the CHES 2023 challenge winners (where they describe their work) can be found here: