ANSSI-FR / ASCAD

Side Channels Analysis and Deep Learning

Difference of Datasets: Sampling Frequency / EM & Power? #13

Open LarsTeh opened 5 years ago

LarsTeh commented 5 years ago

First of all, thank you for providing the additional data set with the random keys. Great work! :-)

When looking at the two different data sets, I was a little puzzled about the difference regarding sampling frequencies and lengths. From the information available, the following sampling rates and length of a trace can be concluded:

However, assuming in both cases the clock frequency of 4MHz is used, either the Random Key Version uses a sampling frequency of 5GS/s or the one with the Fixed Key Version was sampled at 200MS/s. To conclude: how many samples are contained in a clock cycle in each of the sets?

Also regarding the qualitative behavior of the data sets there are some notable differences. Were the two campaigns both measured with EM (and if so with the same probe at the same position) or is the fixed key version measured over a shunt resistor (on github only "Power consumptions measurements" is stated, while in the paper it says "EM")?

Could you shed some light onto these observations?

rben-dev commented 5 years ago

Thanks for your kind words and your relevant questions. The two campaigns have indeed not been measured with the same objectives in mind. The fixed key campaign was measured with a strong incentive to get a clean signal in order to make sure that simple attacks could be performed, while this effort was not stressed in the random key campaign, which aims at being more challenging. This explains the notable difference of sampling rate and signal quality that you observed.

Another choice that was made for the second campaign was to slightly extend the captured time frame, in order to allow for more complex attacks. While the fixed key campaign covers approximately half of the first round of the AES execution, the random key campaign covers almost two full rounds, allowing for more intermediate values to be observed and taken into account by the models.

Concerning your second point, we fully understand the confusion which comes from a wrong initial statement on our side. The first campaign (fixed key) has been measured on a platform on which we didn't have any control over. We originally thought that it was an EM campaign, but later discovered that it was actually Icc (as for the second campaign, on which we have full control over). We are going to remove the confusion from the paper.

Regards, The ANSSI team

tschambe commented 4 years ago

Dear ASCAD team, first of all thank you very much for providing your database to the community. Recently I also observed the behavior described in the first post of this issue. You have elaborated on some of the points, thank you for your time to provide this answer. Nevertheless, it would still be valuable if you could give an answer to the question about the sampling frequency and, respectively, the number of samples per clock cycle.

liuli9203 commented 4 years ago

Hi, as you said, "We originally thought that it was an EM campaign, but later discovered that it was actually Icc (as for the second campaign, on which we have full control over)." So, what does the abbreviation "lcc" refer to ?

prouff commented 4 years ago

Hi, Icc = income consumption curve. It stands for the current into the device. Regards, ANSSI TEAM

tschambe commented 2 years ago

Dear ASCAD team,

we currently have a paper under review that evaluates attack results for both ASCAD v1 databases (fixed + random key) regarding all available key bytes. In this context we provide a detailed leakage analysis in which we also comment on the topic of the trace acquisition method (power measurements vs. EM measurements). If we correctly interpret your comment from 15.10.2019 the mapping is the following:

In our paper we come to a different conclusion:

Our arguments for this conclusion are:

a) The journal version of the ASCAD paper (https://doi.org/10.1007/s13389-019-00220-8) clearly shows an SCA setup using an EM probe (p.7). If you did not have control over the first fixed-key database we would conclude that ASCAD random-key is captured with this setup -> it is an EM measurement campaign.

b) We compare the SNR results for both datasets (the chosen sample range for k_2) in the following figure: [figure: SNR_fix_vs_random]

From this we make the observation that the leakage in ASCAD (fixed-key) is spread over multiple clock cycles. This is typical for power measurements and therefore confirms the correct mapping. However, in the ASCAD (variable-key) dataset this is not the case. The leakage is much more confined around the beginning of a clock cycle. This leads us to the conclusion that ASCAD (variable-key) consists of EM measurements.

c) By plotting the raw traces for both datasets there is a strong difference in the characteristics:

ASCAD (fixed-key): [figure: ASCAD_fix]

This plot shows in our experience the characteristic of power traces, which confirms the correct mapping.

ASCAD (variable-key): [figure: ASCAD_variable]

These traces look very different from ASCAD (fixed-key) and show characteristics of EM measurements:

Could you please clarify this issue, as we can still update/correct our claim for the final version of the paper. Thank you very much in advance.
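The per-sample SNR comparison described in the comment above, written out as an added, self-contained example (this is not ASCAD's own code nor code from the commenter). It builds constructed traces in which the Hamming weight of a simplified AddRoundKey intermediate p ^ k leaks either confined to the first fifth of one clock cycle or smeared, with decaying amplitude, over three whole cycles, then computes the class-conditional SNR per sample and counts how many samples carry the leakage. The 50 samples per 4 MHz cycle, the key byte, the noise level, the amplitudes and the leakage model are all assumptions chosen for the illustration; ASCAD itself labels traces by the S-box output rather than by this intermediate.

```python
"""Per-sample SNR leakage analysis over constructed traces (added example, not ASCAD code)."""
import random

CLOCK_HZ = 4_000_000        # target clock quoted in the thread
SAMPLES_PER_CYCLE = 50      # assumption: 200 MS/s / 4 MHz
N_CYCLES = 6
TRACE_LEN = SAMPLES_PER_CYCLE * N_CYCLES
KEY_BYTE = 0x2B             # constructed fixed key byte


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def _mean(xs):
    return sum(xs) / len(xs)


def _var(xs):
    m = _mean(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def make_traces(n_traces, leak_cycle, spread_cycles, rng, noise_sigma=1.0):
    """Constructed traces. The Hamming weight of z = p ^ KEY_BYTE (a simplified
    AddRoundKey intermediate, an assumption) leaks from clock cycle `leak_cycle` on.
    spread_cycles=1 confines the leak to the first fifth of that cycle (EM-like);
    spread_cycles>1 smears a decaying copy over whole successive cycles (power-like)."""
    traces, labels = [], []
    width = SAMPLES_PER_CYCLE // 5 if spread_cycles == 1 else SAMPLES_PER_CYCLE
    for _ in range(n_traces):
        p = rng.randrange(256)
        hw = hamming_weight(p ^ KEY_BYTE)
        trace = [rng.gauss(0.0, noise_sigma) for _ in range(TRACE_LEN)]
        for c in range(spread_cycles):
            amplitude = 2.0 / (c + 1)          # leakage fades over later cycles
            start = (leak_cycle + c) * SAMPLES_PER_CYCLE
            for t in range(start, start + width):
                trace[t] += amplitude * hw
        traces.append(trace)
        labels.append(hw)
    return traces, labels


def snr(traces, labels):
    """SNR per sample: variance of the class-conditional means divided by the
    mean of the class-conditional variances (one class per distinct label)."""
    classes = {}
    for trace, z in zip(traces, labels):
        classes.setdefault(z, []).append(trace)
    result = []
    for t in range(len(traces[0])):
        class_means, class_vars = [], []
        for group in classes.values():
            column = [trace[t] for trace in group]
            class_means.append(_mean(column))
            class_vars.append(_var(column))
        noise = _mean(class_vars)
        result.append(_var(class_means) / noise if noise > 0 else 0.0)
    return result


def leakage_span(snr_values, rel_threshold=0.4):
    """Number of samples whose SNR is at least rel_threshold * max(SNR):
    a small span means confined leakage, a large one means smeared leakage."""
    limit = rel_threshold * max(snr_values)
    return sum(1 for v in snr_values if v >= limit)


def analyse(n_traces=500, leak_cycle=2, seed=1234):
    """Compare the two constructed acquisition styles; returns peak position and span of each."""
    rng = random.Random(seed)
    em_traces, em_labels = make_traces(n_traces, leak_cycle, 1, rng)
    pw_traces, pw_labels = make_traces(n_traces, leak_cycle, 3, rng)
    em_snr, pw_snr = snr(em_traces, em_labels), snr(pw_traces, pw_labels)
    return {
        "em_peak": em_snr.index(max(em_snr)),
        "em_span": leakage_span(em_snr),
        "power_peak": pw_snr.index(max(pw_snr)),
        "power_span": leakage_span(pw_snr),
    }


if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name}: {value}")
```

With the constructed parameters both peaks sit in clock cycle 2 (samples 100 to 149), but the confined variant keeps its SNR above 40% of the peak for about 10 samples while the smeared variant does so for the full 50-sample cycle, which is the kind of difference the comment reads from its SNR figure. On real traces the same `snr` function applies unchanged; only the labels (e.g. S-box output per trace) and the trace array change.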

rben-dev commented 2 years ago

Hi,

Here are some clarifications about the ASCAD v1 campaigns on the ATMega target:

1) The two campaigns (fixed and variable keys) are Icc ones taking the consumption of the smart card using our custom reader. We are absolutely sure about this as we have only used "untouched" (unprepared) smart cards and the photo in the article is only here as an example of our setup (we also perform EM on other targets, hence the probe in the photo).

2) Regarding the discrepancy between the first campaign and the clock cycle of the target (i.e. 2GS/s seems a bit high when compared to the 4MHz clock cycle of the target), we indeed agree that the first campaign (fixed key) looks a bit odd. We clearly cannot make a strong statement about the 2GS/s and this might be related to an error in the metadata of the campaign: from a comparison of the two campaigns, 200MS/s seems to be a better fit. We are sorry for this ambiguity and possible mistake, but it will be very difficult for us to check this using the available data of this campaign. Also, apart from this sampling rate interrogation, the difference in the characteristics of the shapes of the two campaigns might come from different oscilloscope probes (e.g. applying some low pass filtering on the first campaign).

So I think that if there is an update in the claims of your paper, it would concern the sampling rate of the first campaign but clearly not the EM versus Icc issue, and not regarding the second campaign. We hope that this answers your interrogations.

Regards,
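The sampling-rate question raised at the top of the thread and left open in the last reply (2 GS/s versus 200 MS/s for the fixed-key campaign at a 4 MHz clock) can be checked against the traces themselves rather than the metadata: the clock leaves a periodic signature, so the lag of the first strong autocorrelation peak gives the number of samples per clock cycle, and multiplying by the clock frequency gives the sampling rate the traces actually imply. The following is an added example, not ASCAD's code; its traces are constructed with an assumed per-cycle pulse shape and noise level, and the 4 MHz clock is the value quoted in the thread.

```python
"""Clock-period sanity check for trace metadata (added example, not ASCAD code)."""
import random

CLOCK_HZ = 4_000_000                  # target clock quoted in the thread
PULSE = [1.0, 0.8, 0.6, 0.4, 0.2]     # assumed per-cycle consumption shape (constructed)


def make_trace(samples_per_cycle, n_cycles, rng, noise_sigma=1.0):
    """Constructed trace: one pulse at the start of every clock cycle with a
    slightly varying amplitude, plus Gaussian noise."""
    n = samples_per_cycle * n_cycles
    trace = [rng.gauss(0.0, noise_sigma) for _ in range(n)]
    for c in range(n_cycles):
        amplitude = 4.0 + rng.uniform(-0.5, 0.5)
        start = c * samples_per_cycle
        for i, s in enumerate(PULSE[:samples_per_cycle]):
            trace[start + i] += amplitude * s
    return trace


def autocorrelation(trace, max_lag):
    """Unnormalised autocorrelation r[lag] for lag = 0..max_lag (mean removed)."""
    m = sum(trace) / len(trace)
    x = [v - m for v in trace]
    n = len(x)
    return [sum(x[t] * x[t + lag] for t in range(n - lag)) for lag in range(max_lag + 1)]


def estimate_samples_per_cycle(trace, max_lag, min_lag=2, rel_threshold=0.2):
    """Smallest lag that is a local maximum of the autocorrelation and at least
    rel_threshold * r[0]; that lag is the clock period in samples."""
    r = autocorrelation(trace, max_lag)
    for lag in range(min_lag, max_lag):
        if r[lag] >= rel_threshold * r[0] and r[lag] > r[lag - 1] and r[lag] >= r[lag + 1]:
            return lag
    return None


def samples_per_cycle_from_metadata(sampling_rate_hz, clock_hz=CLOCK_HZ):
    """What the stated sampling rate would mean in samples per clock cycle."""
    return sampling_rate_hz / clock_hz


def implied_sampling_rate_hz(samples_per_cycle, clock_hz=CLOCK_HZ):
    """Sampling rate implied by a measured period of samples_per_cycle samples."""
    return samples_per_cycle * clock_hz


def metadata_consistent(stated_rate_hz, measured_samples_per_cycle,
                        clock_hz=CLOCK_HZ, tolerance=0.1):
    """True if the stated rate is within `tolerance` of the rate the traces imply."""
    implied = implied_sampling_rate_hz(measured_samples_per_cycle, clock_hz)
    return abs(stated_rate_hz - implied) / implied <= tolerance


def check_thread_metadata(samples_per_cycle=50, n_cycles=40, seed=7):
    """Build a constructed trace with a known period and test both metadata
    candidates from the thread (2 GS/s and 200 MS/s) against it."""
    rng = random.Random(seed)
    trace = make_trace(samples_per_cycle, n_cycles, rng)
    measured = estimate_samples_per_cycle(trace, max_lag=3 * samples_per_cycle)
    return {
        "measured_samples_per_cycle": measured,
        "implied_rate_hz": implied_sampling_rate_hz(measured),
        "consistent_with_2GSps": metadata_consistent(2e9, measured),
        "consistent_with_200MSps": metadata_consistent(200e6, measured),
    }


if __name__ == "__main__":
    print("2 GS/s at 4 MHz  ->", samples_per_cycle_from_metadata(2e9), "samples/cycle")
    print("200 MS/s at 4 MHz ->", samples_per_cycle_from_metadata(200e6), "samples/cycle")
    for name, value in check_thread_metadata().items():
        print(f"{name}: {value}")
```

On a real campaign the check is the same two steps: estimate the period from a few traces with `estimate_samples_per_cycle` (picking `max_lag` a few times larger than the period the metadata predicts), then compare `implied_sampling_rate_hz` with the stated rate. A measured period near 50 supports 200 MS/s and a period near 500 supports 2 GS/s; the `rel_threshold` and local-maximum test are what keep small-lag correlation from the pulse shape itself from being mistaken for the clock period.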