how do you generate the CHES CTF 2018 dataset?

[loccs-cp]

Dear author，
I have read your paper, and I have a few questions about the CTF2018 dataset. I hope you can help me out.

1. the original dataset has 10k traces (each device) with random key, yet you provide 45k traces with fixed key. How do you generate your dataset?
2. the original dataset has far more points per trace, yet you use 2000 points. How do you locate the PoI around sbox?
3. do you use a different device for attack?

thanks.

[AISyLab]

Hi,

When the datasets for the capture-the-flag on CHES2018 were released, the authors provided 500k traces (if I am not mistaken). We saved 50k traces, then we split into two sets of 45,000 and 5,000 (with different keys).

We saved the region around the processing of first SBox and the traces were (z-score) normalized (with a visual inspection, it was possible to locate the processing of first sbox - all 16 bytes).

We uploaded the dataset in .h5 format following the same structure from ASCAD codebase.
You can download the CHES CTF 2018 with 50,000 traces from here: http://aisylabdatasets.ewi.tudelft.nl/

To read the file, you can use the code example below:

in_file = h5py.File("my_location/my_dataset.h5", "r") profiling_samples = numpy.array(in_file['Profiling_traces/traces'], dtype=numpy.float64) attack_samples = numpy.array(in_file['Attack_traces/traces'], dtype=numpy.float64) profiling_plaintext = in_file['Profiling_traces/metadata']['plaintext'] attack_plaintext = in_file['Attack_traces/metadata']['plaintext'] profiling_ciphertext = in_file['Profiling_traces/metadata']['ciphertext'] attack_ciphertext = in_file['Attack_traces/metadata']['ciphertext'] profiling_key = in_file['Profiling_traces/metadata']['key'] attack_key = in_file['Attack_traces/metadata']['key']

Let us know if you have any further questions.

[loccs-cp]

hi,

Thanks for your reply. But I'm still a bit confused. You mentioned in README.md that the original dataset has 10k traces per device, which is consist with the content of CHES CTF webset. But you say they actually release 500k traces and you save 50k. Do you mean the released CTF dataset has been changed? So, are the 50k traces acquired from a single device?

thanks, sincerely.

[AISyLab]

During the CTF (in 2018), all 500k traces per device were available. After the CTF was finished, they released only 10k traces per device, as you can see in their webpage (https://chesctf.riscure.com/2018/content?show=training).

We saved 45k plus 5k measurements from the same device (device C, I guess, but you can confirm but comparing the keys and plaintexts). Because we realized that the CTF organizers removed the big set of traces (and kept small sets of 10k and 1k traces), we released (in our repository) the ones we used in our paper for reproducibility purposes.

[loccs-cp]

Thank you very much. The last question (sorry to bother you):

Do the 2000 points you select (corresponding to the processing of the first sbox) contain the leakage of both the mask value and the masked sbox output? Would you mind offering me the detailed location of the 2000 points in the raw trace? By the way, is the original 500k traces available in your laboratory (I can't download the traces from the CTF website)?

[AISyLab]

Hi,
I don't have these details precisely.
First, it is very likely that we compressed the traces (window resampling). Then we concatenated two intervals of the traces:

• First part containing the masks (I believe from sample 0 until the power profile became flat).
• Second part containing the 16 power profiles of first S-Box.

Could you please send me by email (G.Perin@tudelft.nl) a screenshot of one trace? It seems that the link from CHES CTF is broken for download. This way I can indicate to you the intervals we concatenated into 2000 samples and later made the z-score normalization.
In our lab, we don't have the 500,000 traces, but I will try to find them with former CHES CTF organizers.
Thanks