# Countermeasures for side-channel analysis


#### Learning goals
- Learn how to avoid side-channel leakage
- Learn about _Hiding_ and _Masking_

#### References
- E. Oswald S. Mangard and T. Popp, Power analysis attacks — revealing the secrets
of smartcards, Springer-Verlag, 2007

In [None]:
%load_ext autoreload
%autoreload 2

import os
import random

import lascar
import numpy as np
import plotly.graph_objects as pgo

from securec.capture import capture

## 1. Hiding

<div style="border: 3px solid plum; border-radius: 5px; padding: 5px; width: calc(100% - 20px);">
<div class="h2" style="font-variant: all-small-caps;">Exercise 1</div>

Randomize the order of the SBox lookups.

Check the effectiveness using CPA and evolution plots.

</div>

<div style="border: 3px solid plum; border-radius: 5px; padding: 5px; width: calc(100% - 20px);">
<div class="h2" style="font-variant: all-small-caps;">Exercise 2</div>

Add a timing jitter before each lookup.

Check the effectiveness using CPA and evolution plots.

</div>

## 2. Masking

### Masking the SBox output

Given a mask $m_o$ then a _SBox with output mask_ is a modified AES-SBOX $\mathrm{SBOX'}$ with the property:

$$ \mathrm{SBOX'}(\mathrm{pt}_i \oplus k_i) = \mathrm{SBOX}(\mathrm{pt}_i \oplus k_i) \oplus m_o $$

Where $k_i$ is the $i$-th key byte and $\mathrm{pt}_i$ the $i$-th input byte.


<div style="border: 3px solid plum; border-radius: 5px; padding: 5px; width: calc(100% - 20px);">
<div class="h2" style="font-variant: all-small-caps;">Exercise 3</div>

Implement a SBox lookup using a SBox with output mask.

Check the effectiveness using CPA and evolution plots.

</div>

<div style="border: 3px solid plum; border-radius: 5px; padding: 5px; width: calc(100% - 20px);">
<div class="h2" style="font-variant: all-small-caps;">Exercise 4 (optional)</div>

Attack the SBox with output mask with CPA but using the SBox _input_ as selection function.

</div>