public dataset
I have collected the following public dataset about side channel power attacks, for reference purposes only.
Most of these datasets are AES encryption algorithms.
We can roughly divide the dataset into four scenarios: high noise, low noise, jitter, and masking.
1. DPAconstest [link]
1.1 DPAcontest V2 [link]
-
organized by the VLSI research group from the COMELEC department of the Télécom ParisTech french University
-
the SASEBO GII board used for the acquisitions
-
AES-128 Hardware implementation without countermeasure
-
Databases:The DPA Contest V2 uses three databases, two public and one private:
-
- The template base : It contains the side-channel traces corresponding to 1,000,000 encryption operations. Each encryption is performed with a random key and a random plaintext. Keys, plaintexts and ciphertexts are public information. Hence, this database can be used to profile the attacks.
- The private base : It is not available to the participants and will be used to evaluate the attacks with an independent set of measurements. It contains traces corresponding to 32 random keys, each of them used to encrypt 20,000 random plaintexts, i.e. a total of 640,000 traces.
- The public base : is available to the participants. It also contains 640,000 traces (32 random keys, different from the keys in the private base, each of them used to encrypt 20,000 random plaintexts, also different from the plaintexts used in the private base). This base can be used to test attacks, in the same conditions as they will be evaluated with traces from the private base.
- Generally, we use The Public Base because fixed keys and random plaintext make it easier for us to use evaluating indicator such as guessing entropy.
- The signal-to-noise ratio of this data is very low and it is not easy to produce results. It is recommended to use it for research on preprocessing.
1.2 DPAcontest V4
- organized by the Digital Electronic Systemsresearch group from the Communication & Electronics department of the Télécom ParisTech french University
1.2.1 DPAcontest V4.1[link][github连接v4.1]
- EM (ElectroMagnetic) measurements
- 100,000 traces; To allow participants not to download the full set of traces
- The campaign is divided into 20 subsets of 10,000 traces each
- 435,002 time samples
- sampling frequency = 500MS/s
- Several protected implementations of AES are targeted
- a masked implementation of AES-256 on an Atmel ATMega-163 smart-card (AES-256 RSM)
1.2.2 DPAcontest V4.2[v4.2]
- EM (ElectroMagnetic) measurements
- 80,000 traces
- We used 16 different keys and for each key, we collected 5,000 traces corresponding to the encryption of 5,000 different plaintexts per key
- Several protected implementations of AES are targeted
- Each state byte has its own mask (4 bit entropy)
- an improved masked implementation of AES-128 on an Atmel ATMega-163 smart-card ( traces contain a complete encryption)
- Shuffling
2. ASCAD
2.1 ASCAD v1 [link, paper] [ASCAD - data.gouv.fr]
- ANSSI has provided source code implementations of two masked AES on the ATMega8515 MCU target
- the first version (v1) of the masked AES
- EM (ElectroMagnetic) measurements
- 60,000 traces
- 100,000 time samples
- sampling rate 2 GS/s
- The traces are synchronized, and no specific hardware countermeasure has been activated on the ATMega8515
2.2 ASCAD v2 [https://github.com/ANSSI-FR/SecAESSTM32] [ASCADv2 - data.gouv.fr]
- This database contained the power consumption of a STM32F303RCT7 during 800.000 random AES encryptions.
- The AES encryptions are protected with shuffling and affine masking
- The raw dataset is split into 8 files of 100.000 encryptions, and the extracted dataset contained the 800.000 preprocessed traces with additional metadata.
3. Grizzly [link]
- by Omar Choudary in August 2013
- power-analysis traces for an 8-bit load instruction
- recordings of the power-supply current of the 8-bit CPU Atmel XMEGA 256 A3U, an easily available microcontroller without side-channel countermeasures
4.Panda 2018 challenge1[link没有了]
- by International Conference Organization 2018
- Add command offset and random delay protection countermeasures. Maskless software implementation
- This is the 1200 energy traces collected when the standard AES-128 AT89S52 encryption device is encrypted.
5.AES_RD [link]
- Random Delay Countermeasure Dataset and software implementation of AES
6.AES_HD[link]
- AES HD: 100.000 traces, 1250 features max (whole trace)
- Traces are divided into 5 smaller sets (20000 each)
- AES for unprotected hardware implementation
- There is a large amount of circuit noise present
7.TeSCASE 数据集[link]
- Unmasked AES Power Traces
- Masked AES Power Traces
- GPU AES Power Traces
- GPU AES Timing Traces
- ARM ECC EM Traces
- Unmasked Keccak Power Traces