| CARVIEW |
Welcome to the Spook SCA CTF
The Spook Side-Channel Analysis Capture the Flag challenge (Spook SCA CTF) is a side-channel cryptanalysis challenge against masked implementations of the Clyde-128 Tweakable Block Cipher (TBC) which is used in the Spook AEAD encryption scheme (and has to be strongly protected against side-channel attacks if leveled implementations are considered).
Different targets are proposed in parallel, both in software and in hardware, corresponding to masked implementations with various number of shares. Challengers are provided with the source code of the implementations (C in software and Verilog in hardware/FPGA), a tool to predict intermediate values of the hardware implementation, profiling sets of traces including the nonces, (random) keys, (random) plaintexts and the randomness used for masking, test sets of traces corresponding to a few fixed keys (without the masking randomness), and finally prototype attacks against a single byte of the secret key for exemplary targets.
The goal of the challenge is to modify and improve the prototype attacks. The submitted attacks will be rated based on the number of measurements needed to reduce the rank of the master key below 2^32 using a rank estimation algorithm. All the attacks submitted will be made public to all challengers under an open-source license.
- Contest rules
- Target Implementations:
-
Data sets:
- The datasets are now archived in UCLouvain open-data repository. The other download methods are not guaranteed to work.
- The datasets are available through the WebDAV protocol at davs://anonymous@enigma.elen.ucl.ac.be:2744/ctf-spook/ctf_traces1 (no password).
- Alternatively, we also provide a simple http download bash script (uses curl).
- These spook CTF datasets are made available under the Open Database License. Any rights in individual contents of the database are licensed under the Database Contents License.
- A demo submission is provided to demonstrate the expected file formats and interfaces. This demo attacks (suboptimally) the weakest SW and HW targets, demonstrating usage of some itermediate values modelling scripts. Feel free to re-use anything from this package in your submission.
- The evaluation framework (v2) enable submitters to assess the validity of their submission package. No feedback is therefore given on a submission prior to the chosen deadline.
- The contest is finished, submissions are closed, but the dataset is still available!
- Hall of Fame
- FAQ
- Mailing list for public discussion, technical support and announcements from the organisers (registration).
Prizes: Belgian chocolate and beers. Since Clyde and Shadow (respectivaly the tweakable block cipher and permutation primitives of Spook) are named after PacMan characters – Clyde for its (masked) random behavior, Shadow for its fast / to the point behavior – special prizes for the most impactful side-channel cryptanalyses will follow this theme.
Organizers: Davide Bellizia, Olivier Bronchain, Gaetan Cassiers, Charles Momin, François-Xavier Standaert, Balazs Udvarhelyi.
Contact: For public matters, see the Mailing List above. Organizers email: firstname.lastname@uclouvain.be.