# Challenge Rule
## Goal
There are four test datasets (1 public & 3 private). The goal is to train a neural network that can recover the secret key for all datasets with the least number of traces as possible. Our focus will be on targeting the first byte (i.e. byte $$0$$) processed by the S-box in the initial round of AES. \
We will be using $$ge\_{+ntge}$$ to evaluate your score, see below.
Are you ready? Head over to [Getting Started ](/ches-challenge-2025/getting-started/readme.md)and start training those neural networks!
## Attack Metric
The challenge objective is to train a neural network $$\mathcal{F}$$, to recover a secret key byte with the least number of attack traces under the profiled setting.\
Formally, suppose the neural network outputs a probability score for each hypothetical sensitive value for each attack trace $$\boldsymbol{t}$$, i.e. $$\boldsymbol{y} = \mathcal{F}(\boldsymbol{t})$$.\
Then, during the attack phase, the log likelihood score is computed for each key $$k\in \mathcal{K}$$ as,
$$
score(k) = \sum\_{i=1}^{N\_a} \log (\boldsymbol{y\_i}\[\boldsymbol{z\_{i,k}}])
$$
where $$N\_a$$ is the number of attack traces used and $$\boldsymbol{z\_{i,k}}$$ is the sensitive value based on the key $$k$$ and the public variable $$pt\_i$$ (i.e. $$z\_{i,k}=Sbox(pt\_i\oplus k)$$ or $$HW(Sbox(pt\_i\oplus k))$$).\
The log-likelihood scores are then sorted into a guess vector $$\boldsymbol{G} = \[G\_0, G\_1, \dots, G\_{|\mathcal{K}|-1}]$$, where $$G\_0$$ is the most likely key candidate while $$G\_{|\mathcal{K}|-1}$$ is the least likely key candidate.\
The index of $$\boldsymbol{G}$$ is called the rank of the key.\
The Guessing Entropy ($$GE$$) is defined as the average key rank over multiple experiments.\
**In this challenge, an attack is successful when** $$GE = 0$$ **over 100 experiments.**
To assess neural network performance, the metric $$NTGE$$ was proposed in \[1]. It is defined as the minimum number of test traces a profiling model needs before its $$GE$$ stabilizes to $$0$$ and stays there — meaning the correct key is consistently ranked first.
In this challenge, we rank the submissions using the metric $$ge\_{+ntge}$$ proposed by \[2] which considers both $$GE$$ and $$NTGE$$ into one metric:
$$
\text{$ge\_{+ntge}$} = \begin{cases}
NTGE & \text{if } GE = 0,\\
GE + N\_a + c & \text{otherwise}\
\end{cases}
$$
where $$c$$ is a positive constant.\
In our challenge, we assign $$c = 100,000$$ for unsuccessful key recovery.\
**Your primary objective is to achieve the smallest average** $$ge\_{+ntge}$$ **across the four datasets (1 public and 3 private).**
## Rules
1. You can play individually or as a team.
2. The submitted code should be following the PyTorch version 2.7.0 () or Tensorflow version 2.19.0 () and the libraries in the requirements.txt given (see [Getting Started](/ches-challenge-2025/getting-started/readme.md)).
3. No additional libraries should be installed. Any submission not adhering to the correct version will be eliminated.
4. Evaluation time of the attack is up to 4 hours (excluding profiling).\
The evaluation will be running on Intel(R) Xeon(R) W-2123 CPU @ 3.60GHz, NVIDIA Quadro P6000 GPU, 64GB memory. Each datasets will be evaluated with $$100,000$$ attack traces.
5. We will only be targeting first byte of the key in this challenge i.e., byte $$0$$. Submission targeting other key bytes will not be considered for scoring and ranking.
6. Each submission is limited to one attack. You are allowed to make multiple submissions.\
Please set `total_nb_attack_traces = 100000` and `nb_attack_traces = 100000` to compare with the baseline model.
7. The team name will be posted in the leaderboard. Code/attack will not be publicly shown throughout the challenge.
8. At the end of the challenge, the winners' names, along with their code/attack, will be publicly announced. Please note that to claim their cash prize, winners must consent to the disclosure of their identity.
9. When we receive a submission, an acknowledgment will be sent within two working days. If the attack is successful, it will be reflected on the leaderboard once the results are validated.
10. Submission will close on 15 August 2025, 23:59:59 AoE. Submission received after this deadline will not be considered for the challenge.
## Prizes
* The teams with the top three scores will earn cash prizes.
* The prizes will be given as follows:
* First prize: $$$1000$$
* Second prize: $$$600$$
* Third prize: $$$400$$
* The awarded teams will be asked to send a short description of their attacks. Teams cannot win more than one award.
## References
1. Zaid, G., Bossuet, L., Habrard, A., & Venelli, A. (2019). Methodology for Efficient CNN Architectures in Profiling Attacks. *IACR Transactions on Cryptographic Hardware and Embedded Systems*, *2020*(1), 1-36.
2. Yap, T., Bhasin, S., Weissbart, L. (2025). Train Wisely: Multifidelity Bayesian Optimization Hyperparameter Tuning in Deep Learning-Based Side-Channel Analysis. In: Eichlseder, M., Gambs, S. (eds) Selected Areas in Cryptography – SAC 2024. SAC 2024. Lecture Notes in Computer Science, vol 15517. Springer, Cham.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://pace-tl.gitbook.io/ches-challenge-2025/quickstart-4.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.