# Side Channel Leakage Capture Mechanism Design, Implementation and SCA LAB Setup

| 1 | Problem<br>Statement | <ul> <li>Side Channel Leakages Capture Mechanism Design, Implementation using SAKURA-X Board:</li> <li>Design and implementation of a side channel leakage capture setup for evaluating the strength of cryptographic algorithm HDL implementations running on the SAKURA-X crypto FPGA.</li> <li>The work includes: <ul> <li>Synchronized side channel leakage trace capture scheme design using SAKURA-X and an Oscilloscope, along with the corresponding plaintext and key.</li> <li>Data I/O and Power/EM trace capture reference model development with an AES 256 GCM HDL implementation. It includes development of I/O control PC software modules, SAKURA-X Control FPGA IP Cores and integration with the C-DOT provided AES 256 GCM IP Core.</li> <li>Trigger scheme design for the Oscilloscope and alignment of captured traces.</li> <li>Key recovery using CPA analysis of a leaky reference implementation of AES-256 for setup validation.</li> <li>Transfer of Technology, SCA Lab Setup at C-DOT, New Delhi and hands-on training.</li> </ul> </li> </ul> |
|---|---|---|
| 2 | Technology Area         | Telecom Network and Cybersecurity                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| 3 | Project<br>Introduction | Side-channel analysis (SCA) is a method of exploiting unintentional information leakage from a process in a device. The central idea of side-channel analysis is to compare some secret data-dependent predictions of the physical leakages with the actual (measured) leakage to identify the data most likely to have been processed. Side-channel analysis consists of two steps, commonly referred to as identification and exploitation. Identification consists of understanding the leakage and building suitable models. Exploitation consists of using the identified leakage models to extract the secret key. In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself (e.g., flaws found in a cryptanalysis of a cryptographic algorithm). Hence, even though an algorithm may be mathematically secure, its implementation can have weaknesses. Thus, SCA is an important step in the development of cryptographically secure products. |
|   |   | Institutions in a collaborative solution led by C-DOT for the development of Side Channel Analysis Setup using SAKURA-X. The potential participants should have domain expertise in computer and FPGA programming, Cryptography, SCA etc.<br>The final outcome of the collaborative development project shall be a SAKURA-X based working setup with complete input control (Plain text and Key) and should capture/store Power/EM traces of AES and other crypto algorithm implementation with corresponding plaintext in an aligned manner for TVLA and CPA analysis. Through a process of rigorous technical evaluation, C-DOT shall select participants holding the most promise of delivering commercial grade outcomes as its development partners ("Partner") in the project. In order to achieve an efficient, accurate and production-ready solution, C-DOT would prefer to select multiple Partners for the same work item wherever feasible. |

| 4 | Description | The main objective of the project is to develop a methodology for capturing side channel data leakages through real-time Power Usage Change and Electromagnetic emissions (EM) emitted from an FPGA while running a cryptographic algorithm implementation on it. |
|---|-------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|   |             | The side channel leakage capturing hardware framework is to be based on SAKURA-X COTS SCA reference board and an Oscilloscope.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
|   |             | SAKURA-X (Side-channel AttacK User Reference Architecture) is a commercially available reference board specifically designed by AIST, Japan for performing Side Channel Leakage assessments of crypto HDL implementations. SAKURA-X has two on-board FPGAs. One is the Controller FPGA (Spartan-6) for input/output data handling, and the other is the Crypto FPGA (Kintex-7) for running the crypto algorithm implementation under test. An internal on-board interface exists between the Controller and Crypto FPGA for configuring the crypto algorithm implementation under test. |
|   |             | As an example, for differential power leakage assessment of an AES-256 FPGA implementation using the above hardware framework, the HDL implementation bitstream is programmed into the SAKURA-X Crypto FPGA using the JTAG interface. A pair of Plain Text and Random Key is fed to the Crypto FPGA through the Control FPGA I/O, and the AES-256 ciphertext output is then received back through the same Control FPGA I/O interface. The ciphertext received from the Crypto FPGA for a given pair of plaintext and random key is saved on a PC. Suitable trigger conditions are embedded into the AES-256 HDL implementation which, when fulfilled, toggle an output GPIO pin of SAKURA-X. This GPIO is connected to an oscilloscope input and, based on this trigger, the oscilloscope starts recording the power traces fed to it from the SAKURA-X Input Power Tap point (SMA port) through an SMA-BNC low noise cable. |
|   |             | Based on the above framework requirement, the following modules are required to be designed and implemented for: |
|   |             | SAKURA-X Controller FPGA (Spartan-6 XC6LX45-2FGG484C)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|   |             | The control FPGA acts as an interface between an external PC and the Crypto FPGA. A USB interface is provided on-board SAKURA-X for I/O purposes. A Verilog based IP core implementation is required for the following subsystems: |
|   |             | <ul> <li>Serial Communication Controller (USB/UART) for data exchange with PC (plain text, random keys, cipher text)</li> <li>Input/Output (I/O) data controller (Plain text, Cipher text, Keys) for interacting with the Crypto FPGA and an external PC.</li> <li>Clock controller</li> </ul> |
|   |             | SAKURA-X Cryptographic FPGA (Kintex-7 XC7K160T-1FBGC)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|   |             | The cryptographic FPGA is where any crypto implementation under test is run, based on inputs and configuration received from the Controller FPGA. A Verilog based IP core implementation is required for the following subsystems: |
|   |             | <ul> <li>A reference implementation of AES-256 (any mode) with embedded trigger and trigger mapping to a SAKURA-X GPIO pin</li> </ul> |

|   |   |
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|   | <ul> <li>Interface specification for inserting any other AES/Crypto implementation from a third-party or C-DOT. It includes integration of the C-DOT provided AES-256 GCM implementation with the test framework.</li> </ul> |
|   | External PC (Windows 11)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
|   | The task of the external PC is to generate plain text and random keys and to receive ciphertext from SAKURA-X. The following modules are required for the PC: |
|   | <ul> <li>Input/Output (I/O) control software module. This will control feeding of plain text and random keys to the SAKURA-X serial interface (USB/UART) and shall receive the generated cipher text for the given input from SAKURA-X on the same interface. It shall also interact with a Windows 10/11 based oscilloscope for performing remote operations on it. This module can be designed using a general purpose programming language such as Python, C, C#, C++, MATLAB etc. It is also expected to save plain text along with captured traces in an aligned manner.</li> </ul> |
|   | Oscilloscope                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
|   | The oscilloscope shall be used for capturing the side channel leakage traces based on certain trigger events from SAKURA-X board. It shall also interact with external PC based I/O control software module over Ethernet for any remote procedure call and transfer of captured traces. Power/EM traces should be saved with the respective Plain text. This is required for Correlation Power Analysis (CPA) type attack analysis.                                                                                                                                                                                                                                                                           |
|   | <ul> <li>Windows based Oscilloscope: The Oscilloscope available with C-DOT is a Teledyne-LeCroy Mixed Digital Signal Oscilloscope (WavePro 404HD-MS, 12 Bit ADC, 4 Ch, 1000 Mpt/Ch Analog, 32 GB RAM, 20 GS/s, 4 GHz Bandwidth, Windows 10, Teledyne-LeCroy MAUI™ with OneTouch, Intel® Core i5-6500, 2 Ethernet RJ-45, 4 USB 3.0, 1 HDMI, 512 GB Internal Hard Drive). The oscilloscope has various connectivity options over Ethernet (using VICP or LXI) and USB.</li> <li>It is expected that the delivered side channel analysis setup framework will integrate the above mentioned oscilloscope. The same has to be validated in the C-DOT lab during integration of the side channel analysis system.</li> </ul> |
|   | Clock and Trace Synchronization                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
|   | As every hardware unit and interface works in a different clock domain, proper synchronization must be established between the disparate clock domains so that no data loss or misalignment occurs while traces are being captured. The following framework is required to be designed to fulfil this essential requirement: |
|   | <ul> <li>Configuration of internal clocks and synchronization between external and internal clocks for error-free data transfer.</li> <li>Synchronization among external PC, Controller FPGA, Crypto FPGA modules and oscilloscope to capture noise-free and aligned side channel leakage traces with respect to input plain text and random keys.</li> </ul>                                                                                                                                                                                                                                                                                                                                                  |
|   | A brief sample diagrammatic representation of the hardware setup for power leakage capture for AES is given below (arrows denote connections): |



| 5 | Roles &<br>Responsibilities<br>of<br>C-DOT | <ul> <li>C-DOT provides technical development assistance, infrastructure and financial support to the project partners selected through a process of evaluation and due diligence conducted by a committee of subject experts.</li> <li>Wherever deemed necessary, C-DOT may arrange resources, equipment, training, testing infrastructure, mandatory clearances, statutory permissions, and provide gap funding to the partners in realizing the respective target deliverables.</li> <li>Development costs of the module, whether developed from scratch or derived from existing background technology of partners, shall be borne by C-DOT. C-DOT shall use the final solution for integration with production grade software and SCA lab setup. C-DOT reserves the right to modify and enhance the solution and provide it to C-DOT customers or other Partners.</li> <li>C-DOT shall engage with Partners on a non-exclusive basis and shall retain its right to develop similar products through other developmental programs.</li> <li>C-DOT Delhi GST No: 07AAATC3895K1ZD</li> </ul> |
|---|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 6 | Roles &<br>Responsibilities<br>of Participants | The Partner(s) may build the required module afresh or by modifying pre-existing background technologies available with them. The Partner(s) may utilize the available test and infrastructure facilities offered by C-DOT with no financial implication for its usage.<br>All commercial proposals shall include manpower and other costs breakup (Capital, Consumables, Travel, DA, Training, Contingency, Overhead, GST etc.).<br>Participation in the project shall be on a non-exclusive basis. All partner(s) shall be required to demonstrate commitment to the project by entering into a formal agreement with C-DOT as per the CCRP policy.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| 7 | Expected<br>Deliverables | <ul> <li>PC (Windows) application module: Input/Output Control Software module written in a suitable language (Python, C, C#, MATLAB etc.). For a better idea of the degree of I/O control required, refer to the Rambus TVLA with AES document (see resources).</li> <li>PC (Windows) application module: Input/Output Control Software module for remote-procedure based control of the Oscilloscope in order to obtain power/EM traces aligned with the input plaintext and the associated ciphertext. Power/EM traces can be stored remotely on a computer or on the oscilloscope itself.</li> <li>Power/EM traces are to be saved with the respective plaintext. This is required for Correlation Power Analysis (CPA) type attack analysis. Remote procedure calls of the WavePro 404HD-MS Oscilloscope are to be used in the I/O Control Software to achieve this alignment.</li> <li>IP cores for the SAKURA-X Control FPGA for interfacing with the PC I/O Control software module and the Crypto FPGA, for transfer of plaintext, keys and ciphertext across different clock domains. AIST provided HDL files can also be used after suitable modification.</li> <li>Synchronization between the external PC, Controller FPGA, Crypto FPGA modules and oscilloscope for aligned capture and recording of noise-free side channel leakage traces with respect to input plaintext and random keys.</li> <li>A leaky reference implementation of AES-256 (any mode) with embedded triggers at specific points of the algorithm. Key recovery using CPA analysis is required to be demonstrated for qualifying the solution as a usable setup.</li> </ul> |

| 8 | Ownership of<br>Background &<br>Foreground IP | Background technologies used in the project shall continue to remain with the respective owners.<br>New foreground technologies created during the project shall be owned by the respective development partners, individually or collectively as the case may be.<br>Any agreement required for collective ownership shall be settled directly by the concerned partners.<br>The ownership of the final solution shall rest collectively with C-DOT and all its partners. |
|---|-----------------------------------------------|---|

## Important Resources:

### Oscilloscope:

https://www.teledynelecroy.com/oscilloscope/wavepro-hd-oscilloscope/wavepro-404hd-ms

### SAKURA-X Documentation:

https://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-X.html

http://www.risec.aist.go.jp/project/sasebo/download/SASEBO-GIII_Spec_v1_1_English.pdf

https://web.archive.org/web/20160806152144/http://www.risec.aist.go.jp/project/sasebo/download/SASEBO-GIII_QSG_English.pdf

https://www.risec.aist.go.jp/project/sasebo/download/SASEBO-GIII_QSG_English.pdf

### Software:

https://www.risec.aist.go.jp/project/sasebo/download/sasebo_giii_materials.zip

### Rambus Document:

https://www.rambus.com/wp-content/uploads/2015/08/TVLA-DTR-with-AES.pdf

## Technology Areas (XXXX)

| Abbreviation | Technology Area                   |
|--------------|-----------------------------------|
| PQC          | Post-Quantum Cryptography         |
| TVLA         | Test Vector Leakage Assessment    |
| CPA          | Correlation Power Analysis        |
| DPA          | Differential Power Analysis       |
| EMA          | Electromagnetic Emission Analysis |
| SCA          | Side Channel Analysis             |
| OTHR         | Other                             |