Examples
In order to demonstrate the functionality of PROLEAD, we provide some selected examples in the examples folder. More information regarding the interpretation of results is given under Results.
Each example is structured as follows:
- The `rtl` folder contains the RTL code in VHDL or Verilog.
- The `gate` folder contains the resulting gate-level netlist, which is given as an input to PROLEAD.
- The `results` directory, which is further divided into `normal_mode` and `compact_mode` directories, contains the `config.set` file used, which encompasses all evaluation settings. In addition, we created an execution script `run.sh` for each test case. To execute the script, just navigate into the respective folder and run `./run.sh`. Moreover, `results` contains all reports generated by PROLEAD. The main report is `Report.dat`, which is the starting point for interpreting the results.
We summarize the evaluation results in the following table. We remark that the configuration can be slightly different compared to the paper. Note that different configurations may lead to different runtimes and memory requirements. Moreover, runtimes can differ on another machine. All examples were run in an Ubuntu 20.04 subsystem on a Windows 10 server with 544GB RAM, using at most 48 cores.
Design | Reference | Order | Secure | RAM (Compact) | Time (Compact) | RAM (Normal) | Time (Normal) |
---|---|---|---|---|---|---|---|
TI, PRESENT S-box, Uniform | [PMK+11] | 1 | ✔️ | 3.8GB | 30.6sec | 4.0GB | 0.1sec |
TI, PRESENT S-box, Not uniform | [EGMP17] | 1 | ❌ | 3.5GB | 0.1sec | 3.5GB | 0.1sec |
TI, AES S-Box | [MPL+11] | 1 | ✔️ | 6.3GB | 6.6min | 37.3GB | 3.6min |
DOM, AES S-Box | [GMK16] | 1 | ✔️ | 6.3GB | 6.2min | 12.4GB | 2.1min |
DOM, AES S-Box | [GMK16] | 2 | ✔️ | 8.4GB | 3.9h | 492.9GB | 3.7h |
CMS, AES S-Box | [CRB+16] | 1 | ✔️ | 6.3GB | 8.7min | 38.4GB | 4.1min |
CMS, AES S-Box | [CRB+16] | 2 | ✔️ | 8.8GB | 4.8h | 504.3GB | 5.4h |
TI, nibble-serial PRESENT-80 | [PMK+11] | 1 | ✔️ | 36.9GB | 49.4min | 5.6GB | 2.3min |
TI, nibble-serial PRESENT-80 | [EGMP17] | 1 | ❌ | 3.7GB | 1.2sec | 3.9GB | 4.9sec |
TI, byte-serial AES-128 | [MPL+11] | 1 | ✔️ | 78.4GB | 3.6h | 298.7GB | 1.2h |
DOM, byte-serial AES-128 | [GMK16] | 1 | ✔️ | 47.7GB | 1.8h | 143.1GB | 28.4min |
CMS, byte-serial AES-128 | [CRB+16] | 1 | ✔️ | 47.7GB | 1.8h | 263.7GB | 36.0min |
NullFresh, Midori-64 | [SM21a] | 1 | ✔️ | 17.0GB | 20.2min | 127.9GB | 13.3min |
NullFresh, PRESENT-80 | [SM21a] | 1 | ❌ | 7.0GB | 16.6sec | 3.8GB | 5.4sec |
NullFresh, PRINCE | [SM21a] | 1 | ❌ | 18.6GB | 2.3min | 14.8GB | 4.1min |
NullFresh, AES-128 | [SM21a] | 1 | ❌ | 5.5GB | 10.5sec | 78.8GB | 21.0min |
Low-Latency Keccak-f[25] | [ZSS+21] | 1 | ❌ | 6.5GB | 49.8sec | 5.6GB | 22.2sec |
Low-Latency Keccak-f[25] | [ZSS+21] | 2 | ❌ | 17.5GB | 3.1day | 531.9GB | 1.6day |
Low-rand, LED-128, 3-stage | [BDMS22] | 2 | ❌ | 14.7GB | 30.4min | 201.5GB | 2.6h |
GHPC gadgets, without optional regs | [KSM22] | 1 | ❌ | 3.5GB | 0.1sec | 3.5GB | 0.1sec |
GHPC gadgets, with optional regs | [KSM22] | 1 | ✔️ | 4.1GB | 49.6sec | 3.5GB | 0.1sec |
Each example is structured as follows:
- The `source` folder contains the C/Assembly code and the linker file used.
- The `binary` folder contains the resulting binary, disassembled file and map file, which are given as an input to PROLEAD.
- The `results` directory, which is further divided into `normal_mode` and `compact_mode` directories, contains the `config.set` file used, which encompasses all evaluation settings. In addition, we created an execution script `run.sh` for each test case. To execute the script, just navigate into the respective folder, make the script executable and run `./run.sh`. Moreover, `results` contains all reports generated by PROLEAD. The main report is `Report.dat`, which is the starting point for interpreting the results.
We summarize the evaluation results in the following table. The `config.set` in each directory describes the settings used for the evaluation of the test cases in our paper. Furthermore, in our paper we stopped an evaluation once we identified significant leakage that increased after every simulation; we set the threshold for aborting the evaluation at the point where a g-value of 100 was crossed. The table columns from `ISW` to `PFE` correspond to the security definitions that were defined during the construction of the CPU-independent leakage model in the paper. We remark that the configuration can be slightly different compared to the paper. Note that different configurations may lead to different runtimes and memory requirements. Moreover, runtimes can differ on another machine. All examples were run in an Ubuntu 20.04 subsystem on a Windows 10 server with 544GB RAM, using at most 30 cores. We compiled the source files with arm-none-eabi-gcc version 9-2019-q4-major.
Design | Reference | Order | ISW | MOE | MRE | BIL | NLE | PRO | PFE | RAM (Normal) | Time (Normal) |
---|---|---|---|---|---|---|---|---|---|---|---|
AES, RP | [RP10] | 1 | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 5.5GB | 14sec |
AES, Htable | [Cor14] | 1 | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 9.5GB | 1min |
AES, IPM | [CCG+21] | 1 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 13GB | 35min |
AES, FLR | [CGZ20] | 1 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 5.8GB | 22sec |
AES, ANSSI | [FMPR10] | 1 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | 21GB | 17min |
SecADD | [BC22] | 1 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | 18.3GB | 27min |
SecB2AModp | [BC22] | 1 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | 123GB | 21h |
SecA2BModp | [BC22] | 1 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | 45GB | 10min |
PRESENT | [GD22] | 1 | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ❌ | 14GB | 4min |
Keccak-f1600 | [GD22] | 1 | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | 95GB | 29min |
Keccak-f800 | [GD22] | 1 | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | 45GB | 14min |
Quadratic Class | [GD22] | 1 | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ❌ | 8GB | 3min |