Software accompanying the paper "Single-Trace Attacks on Keccak" which will be published in the IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) 2020 Issue 3.
Authors:
- Matthias J. Kannwischer
<matthias@kannwischer.eu>
- Peter Pessl
<peter@pessl.cc>
- Robert Primas
<rprimas@gmail.com>
The paper is available at: https://eprint.iacr.org/2020/371.pdf
All simulation results were obtained using the provided code.
make
installs the required packages.
Change to directory keccak-p/
and run python3 bp.py
.
Alternatively, call ./inst_generic_xxx_xxx.sh
for one of the predefined scenarios.
Important command line parameters for simulation:
-l
: lane length. default = 64 (keccak-f[1600])
-s
: sigma for noisy Hamming weight. default = 1.0
-w
: processor wordsize. default = 8
-c
: clustersize. default = 8. Supported are 1, 8, 16
-r
: number of simulated keccak-f rounds. default = 2
-d
: damping factor alpha. default = 0.75
-i
: maximum number of belief-propagation iterations. default = 50
--istate
: input state as 1600bit hexstring.
--imask
: separate input bits to known and unknown parts. 1600bit hexstring. 1 = known bit, 0 = unknown bit
--fmask
: separate output bits to known and unknown parts. 1600bit hexstring. 1 = known bit, 0 = unknown bit. default all zero, due to typically simulating only a small number of rounds.
Shortcuts for above parameters: R = fully random, 0 = all zero, supports python string expansion, e.g., "RR"*16 + "00"*(200-16)
sets first 16 bytes random, others to zero
--seed
: allows specifying a randomness seed (32bit hexstring) for rerunning specific simulations
All files in this repository fall under the CC0 Public Domain dedication.