Calls: Send in your ideas. Deadline October 1st, 2022.

Supersizing the Gun

Chipwhisperer open hardware for side channel analysis

ChipWhisperer is an open hardware and software toolchain that has been a mainstay of hardware security research. ChipWhisperer is used in academic curricula and in industrial R&D implementation security research labs for high speed side-channel power analysis and glitching attacks. The objective of this project is to explore design changes to the current ChipWhisperer hardware, so as to allow capturing of longer power analysis traces and to cater to higher clock speeds than currently supported. Here, the intent is to make it easier to perform side-channel-related analysis of public-key algorithms, without the need to artificially break down the algorithms into multiple components due to platform constraints. This allows for more realistic and practically relevant attacks. This project additionally entails the development of fine-grained post-processing tools, which would make further analysis of captured traces of public-key algorithms easier.

Ultimately, the goal is to work towards candidate post-quantum algorithms, which are known to be more resource-hungry. The project funded by NGI Zero would specifically target design changes to considerably increase the sampling rate (towards 200-250 MS/s) and to provide for a streaming mode (initially envisioned to be roughly 15-30 MS/s). It includes both a new hardware design and a significant update to the current open-source software of the ChipWhisperer platform, as well as demonstration of how to successfully use this with practically relevant ECC public-key algorithms.

Why does this actually matter to end users?

Computers are surprising things. We like to think we understand them completely and can program our systems to do only what we tell them to. But in practice, things are never that simple. Once a device is turned on and given a range of complicated tasks, processes start to get tangled and can produce unexpected side effects. This can for example impact the security of your system, where the usual barriers and checks suddenly are bypassed in an instant, or a locked down process starts leaking critical data.

Some of these interesting surprises are used for so-called side-channel attacks, where you try to gain access to a system using information about how it is running. For example, you measure how long it takes for a computer to process a password, or what power it consumes for a particular task. Studying these side-channels can give unexpected access to critical information that provide access.

ChipWhisperer is an open hardware and software project that is well-known in security research of side-channel analysis, for example to analyze a device's power usage for important information. This project aims to improve the capabilities of ChipWhisperer to make it easier to capture traces of so-called public-key cryptography, which is used everywhere on the internet for encryption, authenticity and integrity. Ultimately ChipWhisperer should be able to analyze post-quantum algorithms, since quantum computers are known to be able to break certain public key cryptography schemes. We need to understand the vulnerabilities of these widely used security measures to make internet technology safe and usable.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

This project is archived. Due to circumstances, the project as planned did not take place. This page is left as a placeholder, for transparency reasons and to perhaps inspire others to take up this work.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure and NGI Zero Entrust.

Want to help but no money to spend? Help us by protecting open source and its users.