# DPA on DES
Section 4.1 in the paper.

## Selection function
The selection function of DPA in our case is simply the first output bit of the first s-box in the last round of the encryption. This is equivalent to the output of the first s-box in the **first** round of the **decryption**.

## Goal
The goal is to find the key with the highest DOM calculated using $ \frac{\sum \mathtt{L}_{V=1}}{N_{V=1}} - \frac{\sum \mathtt{L}_{V=0}}{N_{V=0}}$.

The correct key should be 0.

In [84]:
import pandas as pd
import numpy as np

# Load preprocessed data
trace_df = pd.read_csv("des_extension_data.csv")
plaintexts = [p for p in trace_df['Plaintext']]
ciphertexts = [c for c in trace_df['Ciphertext']]
powers_at_t = trace_df['Power']

In [85]:
from des_helpers import dpa_select_function

# Constants
NUM_KEYS = 64  # Keys range from 0 to 63

dom_values = []

for i in range(NUM_KEYS):
    print(f"Computed DOM for key: {i}")
    sel_values = np.array([dpa_select_function(pt.upper(), i) for pt in plaintexts])
    print(np.bincount(sel_values))

    # Partition the power traces based on selection values
    group0_indices = [i for i, val in enumerate(sel_values) if val == 0]
    group1_indices = [i for i, val in enumerate(sel_values) if val == 1]
    
    # Extract power traces for each group
    group0_powers = [powers_at_t[i] for i in group0_indices]
    group1_powers = [powers_at_t[i] for i in group1_indices]
    
    # Compute average power consumption for each group at the time point of interest
    avg_group0 = np.mean(group0_powers) if len(group0_powers) > 0 else 0
    avg_group1 = np.mean(group1_powers) if len(group1_powers) > 0 else 0
    
    # Compute the difference of means (DOM)
    dom = avg_group1 - avg_group0
    dom_values.append(dom)

Computed DOM for key: 0
[512 512]
Computed DOM for key: 1
[512 512]
Computed DOM for key: 2
[512 512]
Computed DOM for key: 3
[512 512]
Computed DOM for key: 4
[512 512]
Computed DOM for key: 5
[512 512]
Computed DOM for key: 6
[512 512]
Computed DOM for key: 7
[512 512]
Computed DOM for key: 8
[1024]
Computed DOM for key: 9
[   0 1024]
Computed DOM for key: 10
[   0 1024]
Computed DOM for key: 11
[1024]
Computed DOM for key: 12
[512 512]
Computed DOM for key: 13
[512 512]
Computed DOM for key: 14
[512 512]
Computed DOM for key: 15
[512 512]
Computed DOM for key: 16
[512 512]
Computed DOM for key: 17
[512 512]
Computed DOM for key: 18
[512 512]
Computed DOM for key: 19
[512 512]
Computed DOM for key: 20
[512 512]
Computed DOM for key: 21
[512 512]
Computed DOM for key: 22
[512 512]
Computed DOM for key: 23
[512 512]
Computed DOM for key: 24
[1024]
Computed DOM for key: 25
[   0 1024]
Computed DOM for key: 26
[   0 1024]
Computed DOM for key: 27
[1024]
Computed DOM for key: 28
[512 512]

In [86]:
max_dom = max(dom_values)
correct_key_guess = dom_values.index(max_dom)
print(f"The key guess with the highest DOM is {correct_key_guess} with a value of {max_dom}")
print(f"The correct key is {0} with a value of {dom_values[0]}")

The key guess with the highest DOM is 8 with a value of 564.59765625
The correct key is 0 with a value of 15.28515625


In [87]:
dom_values

[15.28515625,
 -15.28515625,
 -15.28515625,
 15.28515625,
 15.28515625,
 -15.28515625,
 -15.28515625,
 -15.28515625,
 564.59765625,
 -564.59765625,
 -564.59765625,
 564.59765625,
 15.28515625,
 15.28515625,
 15.28515625,
 -15.28515625,
 -15.28515625,
 15.28515625,
 15.28515625,
 -15.28515625,
 -15.28515625,
 15.28515625,
 15.28515625,
 15.28515625,
 564.59765625,
 -564.59765625,
 -564.59765625,
 564.59765625,
 -15.28515625,
 -15.28515625,
 -15.28515625,
 15.28515625,
 -15.28515625,
 15.28515625,
 -15.28515625,
 -564.59765625,
 -564.59765625,
 15.28515625,
 15.28515625,
 -15.28515625,
 15.28515625,
 -15.28515625,
 -15.28515625,
 15.28515625,
 564.59765625,
 564.59765625,
 15.28515625,
 -15.28515625,
 15.28515625,
 -15.28515625,
 15.28515625,
 -564.59765625,
 -564.59765625,
 -15.28515625,
 -15.28515625,
 15.28515625,
 -15.28515625,
 15.28515625,
 15.28515625,
 -15.28515625,
 564.59765625,
 564.59765625,
 -15.28515625,
 15.28515625]