https://hitcon.org/2015/ENT/PDF/Power%20Analysis%20Attacks_JP,%20YH.pdf
脆弱性主要来自第一轮AddRoundKey和SubBytes和ShiftRows
假设的密钥中的某一个字节和明文的对应位置异或再查找SBOX,hamming weight计算出这个过程中产生的假设的能量。假设的能量和真实的能量计算pearson相关系数(绝对值),假设的密钥变化时相关系数最大时,能量变化最接近,假设的密钥就是正确的。再用相同的方法破解出完整的密钥。
然而我并不会jwe aes 128 gcm解密,以为算错了,赛后看wp才知道怎么解密。TAT
import json
from base64 import urlsafe_b64decode
from binascii import hexlify
import numpy as np
from Crypto.Cipher import AES
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from scipy.stats import pearsonr
SBOX = [
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x