We implement unmasked SHA-3 (Keccak) on a Sasebo-GII board [1]. We use the official VHDL implementation (high speed core) provided by http://keccak.noekeon.org/ [2]. The controller is from RCIS [3], and we fixed the bugs. We provide only $500,000$ traces for download because the signal-to-noise ratio (SNR) of Keccak is very low and thus it is hard to attack.

The 500,000 traces are included in 10 packages (001 unmasked keccak.tbz2 to 10 unmasked keccak.tbz2), and each contains 50,000 traces. One example of a power trace is shown in Fig. 1. There are 24 rounds in Keccak and thus

For this implementation, we keep the original settings of [2]: the key $K$ and message $M$ are 1024 bits, while the padding is 576 bits (all 0). To simplify the attacks, we assume that $K$ is 320 bits long. Note that [2] came out much earlier than FIPS 202 [4], so there are some differences between [2] and [4], but these differences do not affect the side-channel attacks. A detailed discussion can be found in our paper [5].

For every package, we ran a correlation analysis and stored the result in the package as a picture. The result is as follows:

The left side of Fig. 2 shows $\mathrm{correlation}(\mathrm{HW}(R_1), \mathrm{power})$ and the right side shows $\mathrm{correlation}(\mathrm{HW}(\theta_{out}), \mathrm{power})$.

Each package contains a text file with the power traces ($3,000$ points per trace) and a text file with the $R_1$ results (200 bytes per trace). There is also a text file for the plaintext: the first 40 bytes are the key bytes and bytes 41-128 are the message bytes. Users should append 72 bytes (all 0) to the message bytes to form the input (200 bytes) to the Keccak function.
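The following Python sketch is an added example, not code shipped with the packages. It builds the 200-byte Keccak input from a 128-byte plaintext record and computes $\mathrm{correlation}(\mathrm{HW}(R_1), \mathrm{power})$ at every sample point. The function names and the synthetic dataset are assumptions; parsing of the text files is left out because their encoding is not described here.

```python
import math
import random

KEY_BYTES, MSG_BYTES, PAD_BYTES = 40, 88, 72   # layout stated on this page
STATE_BYTES = 200                               # size of the Keccak input and of R_1

def build_keccak_input(record: bytes) -> bytes:
    """Key (bytes 1-40) + message (bytes 41-128) + 72 zero bytes -> 200-byte input."""
    if len(record) != KEY_BYTES + MSG_BYTES:
        raise ValueError(f"expected 128 bytes, got {len(record)}")
    return record + bytes(PAD_BYTES)

def hamming_weight(data: bytes) -> int:
    return sum(bin(b).count("1") for b in data)

def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    # A constant column has no defined correlation; report 0 instead of dividing by 0.
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0

def correlation_curve(r1_states, traces):
    """correlation(HW(R_1), power) for each sample point of the traces."""
    if len(r1_states) != len(traces):
        raise ValueError("one R_1 state per trace is required")
    hw = [hamming_weight(s) for s in r1_states]
    return [pearson(hw, [t[i] for t in traces]) for i in range(len(traces[0]))]

def constructed_dataset(n_traces=200, n_points=20, leak_point=7, seed=0):
    """Constructed stand-in for a package: Gaussian noise, HW(R_1) added at one point."""
    rng = random.Random(seed)
    states = [bytes(rng.randrange(256) for _ in range(STATE_BYTES))
              for _ in range(n_traces)]
    traces = []
    for s in states:
        t = [rng.gauss(0.0, 5.0) for _ in range(n_points)]
        t[leak_point] += hamming_weight(s)
        traces.append(t)
    return states, traces

if __name__ == "__main__":
    states, traces = constructed_dataset()
    curve = correlation_curve(states, traces)
    peak = max(range(len(curve)), key=lambda i: abs(curve[i]))
    print(f"peak |corr| = {abs(curve[peak]):.3f} at sample {peak}")
```

With the real packages, `traces` would hold the 3,000-point traces and `r1_states` the matching 200-byte $R_1$ values; the low SNR noted above means the peak only stands out over many traces.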

More details of the VHDL implementation can be found in [2] (high speed core), so we will not discuss it here. To understand this implementation, knowledge of VHDL is required.

Several of our papers [5] also used these traces, and you can refer to them for more details and different attack methods. Please cite our page and papers if you use the traces or the attack models we propose; we will appreciate that. You can also contact us if you use our traces in your publications, and we will add your papers to this page.

Contact us if you have any questions, thanks a lot!

[1] “Evaluation environment for side-channel attacks,” http://www.risec.aist.go.jp/project/sasebo/.

[2] Keccak Hardware implementation in VHDL Version 3.1, 2014 (accessed May 14, 2014). [Online]. Available: http://keccak.noekeon.org/KeccakVHDL-3.1.zip

[3] “SHA-3 FPGA implementation,” http://satoh.cs.uec.ac.jp/SAKURA/research/SHA-3.html.

[4] N. F. Pub, “DRAFT FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions,” Federal Information Processing Standards Publication, 2014.

[5] P. Luo, Y. Fei, X. Fang, A. A. Ding, M. Leeser, and D. Kaeli, “Power analysis attack on hardware implementation of MAC-Keccak on FPGAs,” in IEEE Proc. Int. Conf. on Reconfigurable Computing and FPGAs (ReConfig’14), 2014.