Overview

The method used here aims at assessing the leakage of the ESP32-C3.

Here, the encryption key is expected to be known. This is not an attack, but an attempt to answer the following questions:

• Does data leak?
• Where are the leakages located?

To do so, the state array of the AES-128 encryption block using the $K_E$ key is computed at various points.

More specifically, this state is computed after each of the following standard operations:

• $AddRoundKey$
• $InvMixColumns$
• $InvShiftRows$
• $InvSBox$

For each of these 16-byte states, the power consumption of the device is modeled with a simple Hamming weight method.

$$H = HW(state)$$

This power consumption model is correlated against the measured power traces at each timestamp using a Pearson correlation coefficient.

Input Data

Power Traces

The captured data can be downloaded from here (8.73 GB).

poetry run measure config/capture/esp32c3.py \
                   esp32c3.zarr \
                   --gui-display # Optional

AES Key

The key flashed in the target’s fuses is available below, and can be downloaded here.

00000000: c636 c050 fc66 fd40 32b0 8c6b 0834 9342  [email protected]
00000010: 0f5a a370 00ec d68e ba01 4b90 e01d 5aa8  .Z.p......K...Z.

Results

# Perform assessment
poetry run analyze leakage-assessment esp32c3.zarr \
                   config/analysis/leakage_assessment.py \
                   flash_encryption_key.bin leakage_esp32c3.csv
# Plot results
poetry run plot plot-leakages leakage_esp32c3.csv

Observations

Judging from the peaks observed in the correlation values, it appears that most of the internal states do leak.

That being said, the correlations peaks following the $AddRoundKey$ operations are arguably not as clear as the ones observed for the other operations.

Additionally, the position of these leakages does make sense, with data corresponding to each round appearing in a chronological order.

These results can be compared to the ESP32-C6 Leakage Assessment.