# Artifact Table 1-A for Phase Moducation Side Channel Analysis and JTAG Attacks

This is part of a series of artifacts. Note these notebooks are designed to run on Google Colab so have been simplified from those available in the [full repository](https://github.com/colinoflynn/phase-modulation-sca).

To run these notebooks, simply run from top to bottom.

**Section of Paper Reproduced**: These will reproduce CPA results in Table 1.

**WARNING**: Some steps, such as the extraction, can be very slow. Try not to forget you started the process as CoLab will kill unattended notebooks eventually, and you'll have to start again.

In [None]:
!pip install scared

In [None]:
!sudo apt-get install zstd

In [None]:
!wget https://zenodo.org/records/13359322/files/baseline_traces_cpa.tar.zst?download=1

In [None]:
!tar -xf baseline_traces_cpa.tar.zst?download=1

In [None]:
!rm -rf baseline_traces_cpa.tar.zst?download=1

In [None]:
import scared
import estraces
import numpy as np

In [None]:
knownkey = [43, 126, 21, 22, 40, 174, 210, 166, 171, 247, 21, 136, 9, 207, 79, 60]

In [None]:
def find_success(att, knownkey):
    recovered_masterkey = np.argmax(att.scores, axis=0).astype('uint8')
    print(recovered_masterkey == knownkey)

    for i in range(0, np.shape(att.convergence_traces)[2]):
        if np.all(np.argmax(att.convergence_traces[:,:,i], axis=0) == knownkey):
            return (i+1)*att.convergence_step
    return -1

In [None]:
import scared
from scipy import signal


def do_cpa(filename, step=25, window=None, hpf=None, lpf=None):
    ths = estraces.read_ths_from_ets_file(filename)
    print(ths)

    selection_function = scared.aes.selection_functions.encrypt.FirstSubBytes()

    att = scared.CPAAttack(selection_function=selection_function,
                           model=scared.HammingWeight(),
                           discriminant=scared.maxabs,
                           convergence_step=step)

    processes = []

    # Simple high pass filter (HPF)
    if hpf:
        sos = signal.butter(5, hpf, 'highpass', output='sos')

        @scared.preprocess
        def hpfproc(traces):
            return signal.sosfilt(sos, traces)

        processes.append(hpfproc)

    # Simple low pass filter (LPF)
    if lpf:
        sos = signal.butter(5, lpf, 'lowpass', output='sos')

        @scared.preprocess
        def lpfproc(traces):
            return signal.sosfilt(sos, traces)

        processes.append(lpfproc)

    # This resync preprocessing isn't really used, was used with some JTAG captures only
    @scared.preprocess
    def resync(traces):
        import numpy as np
        first = []
        for w in traces:
            first.append(w[0])
        avg = np.mean(first)

        tracesresync = []
        for w in traces:
            if w[0] < avg:
                tracesresync.append(w[:-1])
            else:
                tracesresync.append(w[1:])
        return np.array(tracesresync)
    #processes.append(resync)

    if window:
        container = scared.Container(ths, frame=range(window[0], window[1]), preprocesses=processes)
    else:
        container = scared.Container(ths, preprocesses=processes)


    att.run(container)

    import numpy as np

    recovered_masterkey = np.argmax(att.scores, axis=0).astype('uint8')

    return att

In [None]:
# Datasets in baseline_traces_cpa online
filenames = [('baseline_traces_cpa/baseline120mhz_sync_120msps_cpa.ets', 25, None, None, None),
             ('baseline_traces_cpa/baseline120mhz_sync_60msps_cpa.ets', 25, None, None, None),
             ('baseline_traces_cpa/baseline120mhz_async_120msps_cpa.ets', 125, None, None, None),
             ('baseline_traces_cpa/baseline120mhz_async_60msps_cpa.ets', 125, (0, 3000), None, None),
             ('baseline_traces_cpa/baseline15mhz_sync_120msps_cpa.ets', 50, None, None, None),
             ('baseline_traces_cpa/baseline15mhz_sync_60msps_cpa.ets', 50, None, None, None),
             ('baseline_traces_cpa/baseline15mhz_async_120msps_cpa.ets', 50, (1000, 6000), None, None),
             ('baseline_traces_cpa/baseline15mhz_async_60msps_cpa.ets', 50, (500, 3000), None, None),
            ]


## Doing all the CPA attacks on baseline measurements

The following will do all the attacks on *baseline* measurements. The results get saved to a `.npy` file for further use. The `.npy` files have also been saved from prior runs.

The following results in the CPA numbers that are reported in the paper.

In [None]:
for f in filenames:
    att = do_cpa(f[0], f[1], f[2], f[3], f[4])
    successnum = find_success(att, knownkey)
    print("{:s} = {:d}".format(f[0], successnum))
    np.save(f[0] + ".npy", att)

The above results in a bunch of output, but the important parts are the lines that look like this:

```
baseline_traces_cpa/baseline120mhz_sync_120msps_cpa.ets = 750
baseline_traces_cpa/baseline120mhz_sync_60msps_cpa.ets = 1350
baseline_traces_cpa/baseline120mhz_async_120msps_cpa.ets = 28375
baseline_traces_cpa/baseline120mhz_async_60msps_cpa.ets = 66750
baseline_traces_cpa/baseline15mhz_sync_120msps_cpa.ets = 3250
baseline_traces_cpa/baseline15mhz_sync_60msps_cpa.ets = 3600
baseline_traces_cpa/baseline15mhz_async_120msps_cpa.ets = 19700
baseline_traces_cpa/baseline15mhz_async_60msps_cpa.ets = 22800
```

These baseline values can be found in **Table 1** in the paper, reproduced here in Markdown (not exactly perfect):

| CPU Freq | Asynchronous Sampling |       |         |       | Synchronous Sampling |      |         |      |
|----------|-----------------------|-------|---------|-------|----------------------|------|---------|------|
|          | 120 MS/s              |       | 60 MS/s |       | 120 MS/S             |      | 60 MS/s |      |
|          | |TVLA|                | CPA   | |TVLA|  | CPA   | |TVLA|               | CPA  | |TVLA|  | CPA  |
| 120 MHz  | 5.0                   | 28375 | 4.2     | 66750 | 43.9                 | 750  | 28.8    | 1350 |
| 15 MHz   | 5.9                   | 19900 | 5.0     | 22800 | 24.0                 | 3250 | 25.8    | 3600 |

Note depending on the reporting internal there seems to be minor variations - here the table as 19900 for 15Mhz CPU / 120 MS/s async, but re-running it here resulted in 19700.

You may wish to save the .npy files. While we have a copy of them, for a "complete" artifact recreation you should copy the .npy files to the CPA plotting notebook.

The easiest way to do this if using colab (and not a local Jupyter install) is to copy them to a directory & compress them. Then download the file in the CoLab web interface.

The following block will move them to a `results` directory, then the block after that will compress that directory. Look for a `results.7z` file you download.

In [None]:
%%bash
mkdir results
mv baseline_traces_cpa/*.npy results/.

In [None]:
!7z a results.7z results

You will now need to reproduce the T-Test results in Table 1. See the next artifact to do this.