In [None]:
import numpy as np
import struct
import random

# Important!: this value must represent the bytes to be cracked in the attack scenario
#####################
# usage in HW, maxcpa, ranges
bytesToProcedure = 256
#####################

# mean; to calculate the mean of a dataset (numpy optimised)
def mean(X):
    return np.sum(X, axis=0)/len(X)

def mean_np(X):
    return np.mean(X, axis=0)

''' # example code for testing
a = np.array([[5, 3, 4, 4, 5, 6],
             [27, 2, 3, 4, 12, 6],
              [1, 3, 5, 4, 5, 6],
              [1, 2, 3, 4, 5, 6],
             ]).transpose()
a_bar = mean(a)

b = np.array([[5, 4, 3, 2, 1, 3]]).transpose()
b_bar = mean(b)
'''

# standard deviation (numpy optimised)
def std_dev(X, X_bar):
    return np.sqrt(np.sum((X-X_bar)**2, axis=0))

def std_np(X):
    return np.std(X)

'''
o_a = std_dev(a, a_bar)
o_b = std_dev(b, b_bar)
'''

# covariance (numpy optimised)
def cov(X, X_bar, Y, Y_bar):
    return np.sum((X-X_bar)*(Y-Y_bar), axis=0)

def cov_np(X, Y):
    return np.cov(X, y=Y)

'''
ab_cov = cov(a, a_bar, b, b_bar)
'''

# hamming weight, pre-calculate => only works for the implemented range
HW = [bin(n).count("1") for n in range(0, 256)]

# hamming weight fast calculation
def hw(x):
    x -= (x >> 1) & 0x5555555555555555
    x = (x & 0x3333333333333333) + ((x >> 2) & 0x3333333333333333)
    x = (x + (x >> 4)) & 0x0f0f0f0f0f0f0f0f
    return ((x * 0x0101010101010101) & 0xffffffffffffffff) >> 56

# hamming weight numpy compatible
def hw_np(x):
    x -= (x >> 1) & 0x5555555555555555
    x = (x & 0x3333333333333333) + ((x >> 2) & 0x3333333333333333)
    x = (x + (x >> 4)) & 0x0f0f0f0f0f0f0f0f
    return (x * 0x0101010101010101) >> 56

''' # hamming weight benchmark
import time
st = time.time()
for _ in range(1000000):
    assert HW[7] == 3
print(time.time() - st)
# ~ 0.0921471118927002

st = time.time()
for _ in range(1000000):
    assert hw(7) == 3
print(time.time() - st)
# ~ 0.8255484104156494
'''


# fast Pearson Correlation Coefficient calculation
# (c) Prof. Dr. Jungk, HS-AlbSig
def corr2_coeff(A,B):
    # Rowwise mean of input arrays & subtract from input arrays themeselves
    A_mA = A - A.mean(1)[:,None]
    B_mB = B - B.mean(1)[:,None]

    # Sum of squares across rows
    ssA = (A_mA**2).sum(1);
    ssB = (B_mB**2).sum(1);

    # Finally get corr coeff
    return np.dot(A_mA,B_mB.T)/np.sqrt(np.dot(ssA[:,None],ssB[None])) 

In [None]:
# use measured and saved traces
trace_array = np.load('trace10-mbedtls.npy')
nc_array = np.load('nonce10-mbedtls.npy')

ntraces = len(trace_array)

In [None]:
from tqdm.notebook import trange
# with above numpy compatible hamming weight calculation an overflow occurs (okey!), disable warning...
np.seterr(over='ignore')

cparefsMax1 = np.zeros(bytesToProcedure) # max correlations for each byte
cparefsMin1 = np.zeros(bytesToProcedure) # min correlations for each byte

bestguessMax1 = np.zeros(16) # 128 Bit for first half of the key; put your key byte guess correlations here
bestguessMin1 = np.zeros(16) # 128 Bit for first half of the key; put your negative key byte guess correlations here


cparefsMaxX2 = np.zeros(bytesToProcedure) # max correlations for each byte
cparefsMinX2 = np.zeros(bytesToProcedure) # min correlations for each byte
cparefsMaxS2 = np.zeros(bytesToProcedure) # max correlations for each byte
cparefsMinS2 = np.zeros(bytesToProcedure) # min correlations for each byte

# 128 Bit for second half of the key; put your negative and positive key byte guess here
bestguessMaxX2 = np.zeros(16) 
bestguessMinX2 = np.zeros(16) 
bestguessMaxS2 = np.zeros(16) 
bestguessMinS2 = np.zeros(16) 

cpas1 = [0] * 16 # => get all cpas to plot
cpas2_x = [0] * 16 # => get all cpas to plot
cpas2_s = [0] * 16 # => get all cpas to plot

for bnum in trange(16, desc="Breaking 256 Bit Key"):
    
    hws = np.zeros((bytesToProcedure, ntraces))

    for i in range(ntraces):
        for kguess in range(0, bytesToProcedure):
            hws[kguess, i] =  hw_np(round_part1(cs[bnum], kguess, (nc_array[i])[bnum]))
        
    corr = corr2_coeff(hws, trace_array.transpose())

    for i in range(0, bytesToProcedure):    
        # best guess for this key-byte is the max/min argument, with his cpa
        cparefsMax1[i] = np.max(corr[i])
        cparefsMin1[i] = np.min(corr[i])
    bestguessMax1[bnum] = np.argmax(cparefsMax1)
    bestguessMin1[bnum] = np.argmin(cparefsMin1)
    
    cpas1[bnum] = corr
    
    #second part
    hws_x = np.zeros((bytesToProcedure, ntraces))
    hws_s = np.zeros((bytesToProcedure, ntraces))

    for i in range(ntraces):
        for kguess in range(0, bytesToProcedure):
            hws_x[kguess, i] =  hw_np(round_part2(cs[bnum], int(bestguessMax1[bnum]), kguess, nc_array[i, bnum]))
            hws_s[kguess, i] =  hw_np(round_part2(cs[bnum], int(bestguessMin1[bnum]), kguess, nc_array[i, bnum]))

    corr_x = corr2_coeff(hws_x, trace_array.transpose())
    corr_s = corr2_coeff(hws_s, trace_array.transpose())

    for i in range(0, bytesToProcedure):    
        # best guess for this key-byte is the max/min argument, with his cpa
        cparefsMaxX2[i] = np.max(corr_x[i])
        cparefsMinX2[i] = np.min(corr_x[i])
        cparefsMaxS2[i] = np.max(corr_s[i])
        cparefsMinS2[i] = np.min(corr_s[i])
    bestguessMaxX2[bnum] = np.argmax(cparefsMaxX2)
    bestguessMinX2[bnum] = np.argmin(cparefsMinX2)
    bestguessMaxS2[bnum] = np.argmax(cparefsMaxS2)
    bestguessMinS2[bnum] = np.argmin(cparefsMinS2)
    
    cpas2_x[bnum] = corr_x
    cpas2_s[bnum] = corr_s

    
print("Best Key Guess k0-k3 Max: ", end="")
# present the output in a more readable way
for b in bestguessMax1.astype(int): print("%02x " % b, end="")
print()
print("Best Key Guess k0-k3 Min: ", end="")
for b in bestguessMin1.astype(int): print("%02x " % b, end="")
print()
print()


print("Best Key Guess k4-k7 MaxX: ", end="")
# present the output in a more readable way
for b in bestguessMaxX2.astype(int): print("%02x " % b, end="")
print()
print("Best Key Guess k4-k7 MinX: ", end="")
for b in bestguessMinX2.astype(int): print("%02x " % b, end="")
print("\n")
print("Best Key Guess k4-k7 MaxS: ", end="")
for b in bestguessMaxS2.astype(int): print("%02x " % b, end="")
print()
print("Best Key Guess k4-k7 MinS: ", end="")
for b in bestguessMinS2.astype(int): print("%02x " % b, end="")