We implement the masked AES on Sasebo-GII board [1]. We implement the mask based on the source code provided with Sasebo-GII board [2]. The mask scheme is provided by [3].

We provide only $5,600,000$ traces for downloading because the masked AES is hard to attack and results show that with $500,000$ traces, the side-channel attacks success rate is only $90\%$ [4] [5]

The $5,600,000$ traces are included in 112 packages (001_unmasked_AES.tbz2 to 112_unmasked_AES.tbz2) and each contains $50,000$ traces. One example of power trace is shown in Fig. 1.

The details of the implementations is as following:

  • To make the attacks and analysis easier, we simplify the mask by clearing the register used to store the random number every time before encryption.
  • At the moment of the first peak, we clear the random number register and generate random numbers using a set of internal LFSRs.
  • At the second peak, we write the random number $rand$ into the random number register, thus the power of is point is correlated with $HW(rand)$.
  • The 4th peak corresponds to the 1st round and the state register $reg$ changes from the plaintext $P$ to the first round output $R_1$.
  • At the second last peak, $reg$ changes from $R_9$ to $R_{10}$ and the AES is finished, this is the point to attack the last round of AES, there is a strong correlation between power and $HD(R_9, R_{10})$.

One example of correlation results is shown in Fig. 2. The leakage point is very clear and you can use these two points to launch a second order attack.

We also use these traces in our CHES 2014 paper [5], and this paper is also available in Cryptology ePrint Archive [4]. Please refer this paper for details of correlations and success rate results of attacks.

We note that we simplified the implementation by clearing the random number register to ease the analysis. There is no difference if we don't clear this register, in which the first point correlation will be $correlation(power, HD(rand, rand')$.

[1] “Evaluation environment for side-channel attacks,” http://www.risec.aist.go.jp/project/sasebo/.

[2] “Side-channel attack standard evaluation board (sasebo): Sasebo-gii,” http://www.rcis.aist.go.jp/special/SASEBO/SASEBOGII-en.html.

[3] M.-L. Akkar and C. Giraud, “An implementation of des and aes, secure against some attacks,” in Cryptographic Hardware and Embedded SystemsCHES 2001. Springer, 2001, pp. 309–318.

[4] A. A. Ding, L. Zhang, Y. Fei, and P. Luo, “A statistical model for higher order dpa on masked devices,” Cryptol. ePrint Archive, 2014.

[5] ——, “A statistical model for higher order dpa on masked devices,” in Cryptographic Hardware and Embedded Systems- CHES 2014, 2014.

The secret key used in masked/unmasked AES is:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

If you have any question, please contact Yunsi Fei at yfei@ece.neu.edu

The dataset is available to the public for free. If you use them in your work, we request you to kindly acknowledge us by citing our website with the title of “Northeastern University TeSCASE dataset” and the URL of “https://chest.coe.neu.edu/.”