Side channel attacks

• Hweight_dpa_sca_aes_sbox.py : A schoolbook example of correlation power analysis side channel analysis of Advanced Encryption Standard's S-box based hacking.
• Hdist_dpa_sca_aes_sbox.py : Roughly the same, but with Hamming distances being considered as the primary leakage source.
• AES_cpa_sca_16x.py : A more near life solution where multiple S-box computations comprise the leakage. As such, the example also shows, that this attack works in the presence of noise, because when the input of a particular S-box is being guessed, all other S-box substitutions are meaningless (algorithmic) noise in the leakage data.
• AES_mia_sca.py: A side channel attack based on the core concept of mutual information analysis, that measures the likelyhoods of certain output values with respect to choosen inputs, and then kind of correlates the two histogram like distributions, to find the best matching for a certain key. Also implemented for arbitrary amount of S-boxes, enabling the user to test in algorithmic noise. The implementation requires roughly as many samples as CPA to guess most of the keys, yet it is way way faster to calculate!
• AES_mia_sca_corr_vs_err.py: testing if looking for minimal error between distributions would yield any better results than for maximal correlation. (It doesn't.)
• AES_mia_sca_16x_Hweight.py: brings already more similar results to what is described about mutual information analysis - it takes lots of computations, ~24M steps to guess any single key, yet ONLY 16 times, roughly 500 samples long traces are enough in case of 16 S-boxes to guess the keys, even if all power consumptions are measured together, meaning all the remaining 15 S-boxes' consumptions create algorithmic noise(!).
• AES_mia_sca_1x_2nd-order-masked.py is a MIA like hacking of 2nd order masked AES S-box scheme. It uses the same choosen plain text sequence everal times to averege out the effect of the random mask, then correlates the Hamming weight distributions gained to the ones previously set up as hypothesises.
• supply_penetrating-DPA.py is an idea that I developed based on differential power analysis, but instead of separating traces, I separated inputs so, that the output will have a certain power trace embedded into it
• supply_penetrating-DPA-w_encoding.py is the same as the previous, but the shape embedded into the output can be manipulated in order for it to be easier differentiated from noise
• XTS_mode_hack_PoC.py shows a proof of concept of hacking XTS hard disk encryption in a way similar to supply penetrating DPA so, that just a specially formatted file needs to be saved on the disk, while the encryption process' power consumption can be measure: it abuses the Galois multiplication by 2 which is a simple shift on most bytes, which is then capable of creating autocorrelation in the power trace at every 8th shift(!)