aboutsummaryrefslogtreecommitdiff

  +=---------------------------------------------------------------=+
  | paioli: power analysis immunity by offsetting leakage intensity |
  | <https://pablo.rauzy.name/sensi/paioli.html>                    |
  +=---------------------------------------------------------------=+

The paioli (Power Analysis Immunity by Offsetting Leakage Intensity)
tool is being developed as part of my PhD work. Its goal is to protect
assembly code against power analysis attacks such as DPA (differential
power analysis) and CPA (correlation power analysis), and to formally
prove the efficiency of the protection. To this end, it implements the
automatic insertion of a balancing countermeasure, namely DPL (dual-rail
with precharge logic), in assembly code (for now limited to bitsliced
block-cipher type of algorithms). Independently, it is able to
statically verify if the power consumption of a given assembly code is
correctly balanced with regard to a leakage model (e.g., the Hamming
weight of values, or the Hamming distance of values updates).

The name "paioli" comes from "Pablo's aioli".
See <https://en.wikipedia.org/wiki/Aioli> for more information.


INTSALL
=======

- paioli depends on:

  - OCaml <https://www.ocaml.org/> 3.12.1+
  - Batteries <http://batteries.forge.ocamlcore.org/> 2.1+
  - menhir <http://gallium.inria.fr/~fpottier/menhir/>
  - Sexplib <https://github.com/janestreet/sexplib> (upto 113.00.00)

  These dependencies can be easily installed using the OCaml
  Package Manager, OPAM <https://opam.ocaml.org/>, with:

    opam install batteries menhir sexplib.113.00.00

- Once the dependencies are installed, compile paioli with:

    ./build.sh

  which calls ocamlbuild and then buils the adapters.

USAGE
=====

- Command line options:

  paioli [options] <input-file>
    -bf Bit to use as F is DPL macros (default: 1)
    -bt Bit to use as T is DPL macros (default: 0)
    -po Less significant bit of the DPL pattern for DPL LUT access (default: 0)
    -cl Compact the DPL look-up table (LUT) if present
    -la Address in memory where to put the DPL LUT (default: 0)
    -r1 Register number of one of the three used by DPL macros (default: 20)
    -r2 Register number of one of the three used by DPL macros (default: 21)
    -r3 Register number of one of the three used by DPL macros (default: 22)
    -a  Adapter for custom assembly language
    -o  asm output (default: no output)
    -l  Only check syntax if present
    -d  Perform DPL transformation of the code if present
    -v  Perform leakage verification if present
    -s  Perform simulation if present
    -r  Register count for simulation (default: 32)
    -m  Memory size for simulation (default: 1024)
    -M  range of memory to display after simulation
    -R  range of registers to display after simulation

Pablo Rauzy — generated by cgit