pyecsca.sca.re.rpa module

Provides functionality inspired by the Refined-Power Analysis attack by Goubin [RPA].

class MultipleContext

Bases: Context

Context that traces the multiples of points computed.

neutral: Optional[Point]

The neutral point used in the computation.

base: Optional[Point]

The base point that all the multiples are counted from.

points: MutableMapping[Point, int]

The mapping of points to the multiples they represent (e.g., base -> 1).

parents: MutableMapping[Point, List[Point]]

The mapping of points to the parent points they were computed from.

formulas: MutableMapping[Point, str]

The mapping of points to the formula types they are a result of.

inside: bool

enter_action(action)

Enter into an action (i.e. start executing it).

Parameters:

action (Action) – The action.

Return type:

None

exit_action(action)

Exit from an action (i.e. stop executing it).

Parameters:

action (Action) – The action.

Return type:

None

rpa_point_0y(params)

Construct an (affine) [RPA] point (0, y) for given domain parameters.

Return type:

Optional[Point]

rpa_point_x0(params)

Construct an (affine) [RPA] point (x, 0) for given domain parameters.

Return type:

Optional[Point]

rpa_input_point(k, rpa_point, params)

Construct an (affine) input point P that will lead to an RPA point [k]P.

Return type:

Point

rpa_distinguish(params, multipliers, oracle, bound=None, tries=10, majority=1, use_init=True, use_multiply=True)

Distinguish the scalar multiplier used (from the possible multipliers) using an [RPA] oracle.

Parameters:
  • params (DomainParameters) – The domain parameters to use.

  • multipliers (List[ScalarMultiplier]) – The list of possible multipliers.

  • oracle (Callable[[int, Point], bool]) – An oracle that returns True when an RPA point is encountered during scalar multiplication of the input by the scalar.

  • bound (Optional[int]) – A bound on the size of the scalar to consider.

  • tries (int) – Number of tries to get a non-trivial tree.

  • majority (int) – Query the oracle up to majority times and take the majority vote of the results.

  • use_init (bool) – Whether to consider the point multiples that happen in scalarmult initialization.

  • use_multiply (bool) – Whether to consider the point multiples that happen in scalarmult multiply (after initialization).

Return type:

Set[ScalarMultiplier]

Returns:

The set of possible multipliers after distinguishing (ideally just one).
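
The arithmetic behind rpa_point_0y, rpa_input_point and an oracle-based distinguishing step, as an added example on a toy curve; it is not pyecsca code and does not use the pyecsca API. The curve y^2 = x^3 + 2x + 2 over F_17 (prime order 19), the helper names (toy_rpa_point_0y, toy_rpa_input_point, ltr_multiples, rtl_multiples, oracle_for, consistent) and the simulated oracle are assumptions made for illustration.

```python
# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; its group has prime order 19.
P_MOD, A, B, ORDER = 17, 2, 2, 19

def add(P, Q):  # affine point addition; None stands for the neutral point
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ltr_multiples(k, P):
    """Left-to-right double-and-add, returning every intermediate point."""
    R, seen = None, []
    for bit in bin(k)[2:]:
        seen.append(R := add(R, R))
        if bit == "1":
            seen.append(R := add(R, P))
    return seen

def rtl_multiples(k, P):
    """Right-to-left double-and-add, returning every intermediate point."""
    R, Q, seen = None, P, []
    while k:
        if k & 1:
            seen.append(R := add(R, Q))
        seen.append(Q := add(Q, Q))
        k >>= 1
    return seen

def toy_rpa_point_0y():
    """(0, y) is on the curve only if B is a square mod p; otherwise None."""
    y = next((y for y in range(P_MOD) if y * y % P_MOD == B), None)
    return None if y is None else (0, y)

def toy_rpa_input_point(k, rpa_point):
    """P = [k^-1 mod n] * rpa_point, so that [k]P is the zero-coordinate point."""
    return ltr_multiples(pow(k, -1, ORDER), rpa_point)[-1]

def oracle_for(multiples):
    """Simulated target: True if an intermediate point has a zero coordinate."""
    return lambda scalar, P: any(Q is not None and 0 in Q for Q in multiples(scalar, P))

def consistent(k, scalar, candidates, observed):
    """Names of candidates whose predicted oracle answer matches the observed one."""
    P = toy_rpa_input_point(k, toy_rpa_point_0y())
    return {n for n, f in candidates.items() if oracle_for(f)(scalar, P) == observed}
```

With k = 5 and scalar 11, only the left-to-right candidate computes the multiple [5]P, so a True answer from the target leaves {"ltr"} and a False answer leaves {"rtl"}.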

class RPA(configs)

Bases: RE

RPA-based reverse-engineering (RE).

tree: Optional[Tree] = None

The RE tree (if any).

configs: Set[Any]

The set of configurations to reverse-engineer.

params: Optional[DomainParameters] = None

The domain parameters to use.

P0: Optional[Point] = None

The zero-coordinate point that will be used in the RE.

scalars: Optional[List[int]] = None

A list of scalars that will be used in the RE.

build_tree(params, tries=10, bound=None, use_init=True, use_multiply=True)

Build an RPA distinguishing tree.

Parameters:
  • params (DomainParameters) – The domain parameters to use.

  • tries (int) – Number of tries to get a non-trivial tree.

  • bound (Optional[int]) – A bound on the size of the scalar to consider.

  • use_init (bool) – Whether to consider the point multiples that happen in scalarmult initialization.

  • use_multiply (bool) – Whether to consider the point multiples that happen in scalarmult multiply (after initialization).

run(oracle, majority=1)

Run the RPA-RE with an oracle.

Parameters:
  • oracle (Callable[[int, Point], bool]) – An oracle that returns True when an RPA point is encountered during scalar multiplication of the input by the scalar.

  • majority (int) – Query the oracle up to majority times and take the majority vote of the results.

Return type:

Set[ScalarMultiplier]

Returns:

The set of possible multipliers.