[tvla] Add histogram based TVLA #71

Merged
merged 34 commits into from
May 24, 2022

vogelpi
Collaborator

@vogelpi vogelpi commented May 23, 2022

This PR moves the current state of our TVLA code to the public repository.

vrozic and others added 30 commits May 13, 2022 16:30
Signed-off-by: Vladimir Rozic <vrozic@lowrisc.org>
This commit contains several changes:
1. Fix leakage model computation. Previously, only the initial round and
   the first 9 regular rounds were computed. The final round couldn't be
   analyzed.
2. Now, all bytes and all rounds are computed. Basically when computing
   a single byte, the other bytes come for free. Similarly, if round 10
   is needed, all other rounds need to be computed anyway.
3. The computed leakage model is saved to disk as traces.npy and using
   a new command line argument can be loaded in a later run to re-use
   previous intermediate results and speed up the analysis.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This gives a performance improvement of nearly 100x compared to the
previous implementation based on nested for loops.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This commit modifies the histograms & t-test computation as well as
the plotting to run for all rounds and all bytes by default. Using new
command line arguments, the user can specify a single round and/or a
single byte if needed. Plots for all computed t-test results are saved
and the script now prints results in text format, highlighting in which
rounds and bytes, leakage above the threshold has been detected.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This commit parallelizes the histograms computation across samples.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
In case either the fixed or random set is empty, the statistics can't
be computed. This can happen e.g. if few traces are used only, or if
using the hamming distance as sensitive variable and analyzing the
initial round. In the latter case, the hamming distance can only be
zero or non-zero if the corresponding key byte is zero or non-zero,
respectively. Thus, either the fixed or the random set is empty.

Previously we anyway computed the statistics producing meaningless
results. With this commit, we don't try to compute the statistics
anymore if either of the sets is empty and report this to the user.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This commit switches to a t-test function provided by scipy which
operates on arrays. Also, the code around the t-test function is
refactored to make better use of numpy.ndarrays, to reduce the amount
of control code and to reduce the number of loops. All this allows for
a speedup of 20x for the t-test computation.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Added support for general fixed-vs-random TVLA.

Signed-off-by: vrozic <vrozic@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
The most important change of this commit is that it adds the option for
step-wise processing of trace sets using the `-n` argument and related
to that the capability to plot how the t-test values evolve with
increasing number of traces. Other usability improvements include:
- Filtered traces and the computed leakage are only saved to disk if
  the `-d` argument is provided.
- Figures are only plotted and saved to disk if the `-f` argument is
  provided.
- The t-test results can be written to disk using the `-d` argument.
  They can be loaded with the `-a` argument to only display results and
  plot figures if really needed. The results table is always printed.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This allows both specific AES TVLA (as we were doing before) and fixed-
vs-random TVLA for AES and SHA3 using a single code base.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Fixes a way that a random set is constructed when running tvla
general tests.

Signed-off-by: vrozic <vrozic@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Add support for fixed-vs-random key TVLA when measurements are
taken in random order (rather than alternating between fixed and
random). The analysis works under the assumption that the first
trace in the project is generated using a fixed key.

Signed-off-by: vrozic <vrozic@lowrisc.org>
Signed-off-by: Abdullah Varici <abdullah.varici@lowrisc.org>
The increase in sampling rate by 2x and the trigger offset need to be
accounted for when plotting these figures.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This is not actually needed but may have a slightly negative impact when
doing more than one step as the offset may vary with each step.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Without this commit, it could happen that the wrong bytes/rounds would
be selected for the final results/figure plotting step in case only a
subset of bytes/rounds were analyzed.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Previously, we were generating 9 histograms, one for each possible
Hamming weight of the sensitive variable. But the actual statistics
are then computed by combining the 8 histograms for the non-zero Hamming
weights (fixed vs. random). It is therefore more efficient to only
generate 2 histograms in the first place. One for Hamming weight = 0 and
one for Hamming weight > 0. Most importantly, this leads to a reduction
in memory footprint of roughly 4.5x.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
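
The commits above describe keeping two histograms per sample point (fixed vs. random), computing the t-test from them, and refusing to compute statistics when a set is empty. The following is an added, dependency-free sketch of that idea, not code from this PR or the lowRISC repository; the function names, the 4.5 threshold and the sample traces are assumptions made for illustration.

```python
import math

T_THRESHOLD = 4.5  # assumed: the conventional TVLA |t| threshold, not taken from this PR


def hist_stats(hist):
    """Return (count, mean, sample variance) of a histogram where hist[v] counts value v."""
    n = sum(hist)
    if n < 2:
        return n, None, None
    mean = sum(v * c for v, c in enumerate(hist)) / n
    var = sum(c * (v - mean) ** 2 for v, c in enumerate(hist)) / (n - 1)
    return n, mean, var


def welch_t(hist_fixed, hist_random):
    """Welch's t statistic from two histograms, or None if it cannot be computed."""
    n_f, mean_f, var_f = hist_stats(hist_fixed)
    n_r, mean_r, var_r = hist_stats(hist_random)
    if n_f < 2 or n_r < 2:
        return None  # empty (or single-trace) set: report it, do not compute
    denom = math.sqrt(var_f / n_f + var_r / n_r)
    if denom == 0.0:
        return None  # both sets constant: t is undefined
    return (mean_f - mean_r) / denom


def tvla_t_values(traces, in_fixed_set, n_bins):
    """One pass over the traces fills two histograms per sample point, then tests each."""
    n_samples = len(traces[0])
    hists = [([0] * n_bins, [0] * n_bins) for _ in range(n_samples)]
    for trace, fixed in zip(traces, in_fixed_set):
        for s, value in enumerate(trace):
            hists[s][0 if fixed else 1][value] += 1
    return [welch_t(h_fixed, h_random) for h_fixed, h_random in hists]


def leaking_samples(t_values):
    """Indices of sample points whose |t| exceeds the threshold."""
    return [s for s, t in enumerate(t_values) if t is not None and abs(t) > T_THRESHOLD]


# Constructed 4-bit traces with two sample points: sample 0 is independent of
# the set, sample 1 is shifted by 4 for the fixed set.
SAMPLE_FIXED = [True] * 8 + [False] * 8
SAMPLE_TRACES = ([[5 + i % 2, 9 + i % 2] for i in range(8)] +
                 [[5 + i % 2, 5 + i % 2] for i in range(8)])

if __name__ == "__main__":
    t = tvla_t_values(SAMPLE_TRACES, SAMPLE_FIXED, n_bins=16)
    print(t, leaking_samples(t))
```

Memory use depends on the number of sample points and histogram bins, not on the number of traces, so traces can be processed in steps and then discarded.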
return leakage


def parse_args():
Contributor

nit: this would probably be shorter/simpler with typer.

Comment on lines +445 to +454
Path("tmp").mkdir(exist_ok=True)
log_format = "%(asctime)s %(levelname)s: %(message)s"
log.basicConfig(format=log_format,
datefmt="%Y-%m-%d %I:%M:%S",
handlers=[
log.FileHandler("tmp/log.txt"),
log.StreamHandler()
],
level=log.INFO,
force=True,)
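
Review bot: The `datefmt` on the fourth line uses `%I`, the 12-hour clock, with no `%p`, so an entry logged at 03:00 and one logged at 15:00 carry the same timestamp; use `%H` (`datefmt="%Y-%m-%d %H:%M:%S"`) so entries in `tmp/log.txt` can be ordered unambiguously. Separately, `Path("tmp")` and `"tmp/log.txt"` are relative paths, so where the log ends up depends on the directory the script is started from.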
Contributor

nit: this could be a command line argument.

return parser.parse_args()


def main():
Contributor

nit: this function could benefit from some refactoring (e.g., moving chunks of code to helper functions).

@alphan
Contributor

alphan commented May 23, 2022

Thanks @vogelpi! My comments should not block this PR, things to keep in mind going further.

@vogelpi
Collaborator Author

vogelpi commented May 24, 2022

Thanks for the feedback everybody. I've filed issue #72 to track requested changes for the TVLA code.

@vogelpi vogelpi merged commit 57f2d28 into lowRISC:master May 24, 2022