ChipWhisperer: Power Analysis Attack on Magma
As part of Summer of Hack 2019 at Digital Security, I studied power analysis attacks and worked with ChipWhisperer.
---
What is it?
Power analysis is a type of side-channel attack—that is, attacks that exploit information leaked through the physical implementation of a system.
Examples of useful information for an attacker:
execution time of cryptographic operations
power consumption
electromagnetic emissions
noise, etc.
Power analysis is considered one of the most universal approaches.
---
Why does it work?
Most microprocessors, microcontrollers, RAM, and many other logic circuits are based on CMOS technology.
The total power consumption of CMOS circuits consists of two components:
static power (very small and mostly constant)
dynamic power (caused by transistor switching)
Dynamic power depends on processed data and executed operations. Since static power is nearly constant, variations in total power consumption are primarily due to dynamic power—making it possible to analyze data through power measurements.
---
Tooling
I used the ChipWhisperer 2-Part Version.
ChipWhisperer is an open-source toolkit for researching embedded device security. It enables power analysis and fault injection attacks.
The board costs around $250, which is relatively inexpensive compared to professional setups that can cost $30,000+. The system consists of:
a target board
a capture board
Other versions and expansion boards are available for more advanced setups.
ChipWhisperer provides:
a well-maintained wiki
training labs (AES, DES, TEA)
API documentation (from version 5)
Power traces are captured from the target device and stored as NumPy arrays.
To begin, you need firmware for the target device. Prebuilt examples exist for common ciphers, but for custom research, parameters (sampling rate, offsets, etc.) must be tuned experimentally.
It is also possible to perform fault injection attacks, such as glitching the clock to skip instructions and extract secrets.
In professional setups, oscilloscopes are often used for trace acquisition.
---
Analysis Methods
There are several main techniques:
Simple Power Analysis (SPA)
Differential Power Analysis (DPA)
Correlation Power Analysis (CPA)
SPA (Simple Power Analysis)
SPA involves visually analyzing power traces.
For example:
extracting passwords character-by-character
identifying encryption rounds
In AES, for instance, you can clearly observe 10 rounds in the trace.
However, SPA alone is usually insufficient to recover keys.
---
DPA (Differential Power Analysis)
DPA uses statistical methods to identify differences in power traces.
It is highly effective but requires a large number of traces. I did not use this method directly.
---
CPA (Correlation Power Analysis)
CPA is based on statistical correlation between predicted and actual power consumption. It typically requires fewer traces than DPA.
The main goal is to build an accurate power model.
One common model is the Hamming weight:
number of set bits in a value
assumption: more bits set → higher power consumption
Another model: Hamming distance (bit differences between two values).
To compare model predictions with real traces, we use the Pearson correlation coefficient. A correct key hypothesis produces a correlation close to 1.
---
CPA Algorithm Overview
1. Capture power traces for operations with an unknown key
2. Build a power model for all possible key byte values (256 options per byte)
3. Compute correlation between predicted and actual power
4. The correct key guess yields the highest correlation
5. Repeat for all key bytes
This allows recovering the key incrementally.
---
Analysis of the Magma Cipher
Magma cipher (formerly GOST 28147-89) is a 64-bit block cipher with:
32 rounds
a 256-bit key
Each round uses part of the original key.
We analyze it using CPA.
---
Approach
We select an intermediate value dependent on:
known data (plaintext or ciphertext)
part of the key
Typically, this is the output of an S-box in the first or last round.
Since I used known plaintexts, I focused on early rounds.
Unlike AES or DES, Magma uses addition modulo 2³², not XOR. This complicates analysis because lower bits affect higher bits.
Thus, it is more convenient to start from the last S-box outputs.
---
Power Model Example
(code unchanged)
Here, the leak function returns the S-box output.
---
Correlation Calculation
(code unchanged)
When the correct subkey is guessed, a strong correlation spike appears.
---
Key Recovery
Each byte of the round key is recovered sequentially:
(code unchanged)
After recovering one round key, the process continues for others. Eventually, the full key can be reconstructed.
---
Challenges
Unlike XOR-based ciphers, addition modulo 2³² introduces dependencies between bits
Errors in intermediate steps propagate and break the entire key recovery
Most real devices are 8-bit, not 4-bit
For Magma:
ideal architecture: 4-bit (one S-box at a time)
actual test device: 8-bit → processes two S-boxes at once
This leads to complications:
power traces reflect combined operations
partial matches can produce misleading correlation peaks
---
Conclusion
Power analysis attacks, especially CPA, are powerful tools for extracting cryptographic secrets.
Working with tools like ChipWhisperer provides valuable insight into how hardware leaks information—and how such vulnerabilities can be exploited.
As part of Summer of Hack 2019 at Digital Security, I studied power analysis attacks and worked with ChipWhisperer.
---
What is it?
Power analysis is a type of side-channel attack—that is, attacks that exploit information leaked through the physical implementation of a system.
Examples of useful information for an attacker:
execution time of cryptographic operations
power consumption
electromagnetic emissions
noise, etc.
Power analysis is considered one of the most universal approaches.
---
Why does it work?
Most microprocessors, microcontrollers, RAM, and many other logic circuits are based on CMOS technology.
The total power consumption of CMOS circuits consists of two components:
static power (very small and mostly constant)
dynamic power (caused by transistor switching)
Dynamic power depends on processed data and executed operations. Since static power is nearly constant, variations in total power consumption are primarily due to dynamic power—making it possible to analyze data through power measurements.
---
Tooling
I used the ChipWhisperer 2-Part Version.
ChipWhisperer is an open-source toolkit for researching embedded device security. It enables power analysis and fault injection attacks.
The board costs around $250, which is relatively inexpensive compared to professional setups that can cost $30,000+. The system consists of:
a target board
a capture board
Other versions and expansion boards are available for more advanced setups.
ChipWhisperer provides:
a well-maintained wiki
training labs (AES, DES, TEA)
API documentation (from version 5)
Power traces are captured from the target device and stored as NumPy arrays.
To begin, you need firmware for the target device. Prebuilt examples exist for common ciphers, but for custom research, parameters (sampling rate, offsets, etc.) must be tuned experimentally.
It is also possible to perform fault injection attacks, such as glitching the clock to skip instructions and extract secrets.
In professional setups, oscilloscopes are often used for trace acquisition.
---
Analysis Methods
There are several main techniques:
Simple Power Analysis (SPA)
Differential Power Analysis (DPA)
Correlation Power Analysis (CPA)
SPA (Simple Power Analysis)
SPA involves visually analyzing power traces.
For example:
extracting passwords character-by-character
identifying encryption rounds
In AES, for instance, you can clearly observe 10 rounds in the trace.
However, SPA alone is usually insufficient to recover keys.
---
DPA (Differential Power Analysis)
DPA uses statistical methods to identify differences in power traces.
It is highly effective but requires a large number of traces. I did not use this method directly.
---
CPA (Correlation Power Analysis)
CPA is based on statistical correlation between predicted and actual power consumption. It typically requires fewer traces than DPA.
The main goal is to build an accurate power model.
One common model is the Hamming weight:
number of set bits in a value
assumption: more bits set → higher power consumption
Another model: Hamming distance (bit differences between two values).
To compare model predictions with real traces, we use the Pearson correlation coefficient. A correct key hypothesis produces a correlation close to 1.
---
CPA Algorithm Overview
1. Capture power traces for operations with an unknown key
2. Build a power model for all possible key byte values (256 options per byte)
3. Compute correlation between predicted and actual power
4. The correct key guess yields the highest correlation
5. Repeat for all key bytes
This allows recovering the key incrementally.
---
Analysis of the Magma Cipher
Magma cipher (formerly GOST 28147-89) is a 64-bit block cipher with:
32 rounds
a 256-bit key
Each round uses part of the original key.
We analyze it using CPA.
---
Approach
We select an intermediate value dependent on:
known data (plaintext or ciphertext)
part of the key
Typically, this is the output of an S-box in the first or last round.
Since I used known plaintexts, I focused on early rounds.
Unlike AES or DES, Magma uses addition modulo 2³², not XOR. This complicates analysis because lower bits affect higher bits.
Thus, it is more convenient to start from the last S-box outputs.
---
Power Model Example
(code unchanged)
Here, the leak function returns the S-box output.
---
Correlation Calculation
(code unchanged)
When the correct subkey is guessed, a strong correlation spike appears.
---
Key Recovery
Each byte of the round key is recovered sequentially:
(code unchanged)
After recovering one round key, the process continues for others. Eventually, the full key can be reconstructed.
---
Challenges
Unlike XOR-based ciphers, addition modulo 2³² introduces dependencies between bits
Errors in intermediate steps propagate and break the entire key recovery
Most real devices are 8-bit, not 4-bit
For Magma:
ideal architecture: 4-bit (one S-box at a time)
actual test device: 8-bit → processes two S-boxes at once
This leads to complications:
power traces reflect combined operations
partial matches can produce misleading correlation peaks
---
Conclusion
Power analysis attacks, especially CPA, are powerful tools for extracting cryptographic secrets.
Working with tools like ChipWhisperer provides valuable insight into how hardware leaks information—and how such vulnerabilities can be exploited.
