Franz Heubach

An example showing the object-oriented API in a script on the left. The resulting plot of the power trace during measurement on the right.

ChipWhisperer Python API

NewAE Technology Inc. is dedicated to providing tools for performing embedded hardware security research, and making these tools widely available by not only minimizing the cost but also by keeping the designs open. These tools enable side-channel attacks to compromise security measures on hardware devices. NewAE's main tool chain, ChipWhisperer, includes software and numerous hardware devices. All the software and hardware is open-source and development is performed in the open.

I developed the new object-oriented Python application programming interface (API) for Chipwhisperer 4.0, together with the other software engineer on my team. This major version update marked the transition from using Qt as the graphical user interface (GUI) and an integrated API specifically for the Qt GUI, to a more Pythonic API that could be used comfortably within a Jupyter Notebook development environment. This transition was motivated by adding more and more Python scripting capabilities in the Qt GUI. The scripting interface began replacing capabilities of the Qt GUI and the original API began showing its age in its rigidity and coupling to the Qt GUI.

I wrote a major overhaul of the Python API, together with my team, including extensive documentation. The new API was an object-oriented Python API that supported interactive use in the python interpreter. This enabled a few important other features. The tutorials, which there are a lot of, could now be automatically tested for functionality. This was previously manual, taking a lot of work to verify that tutorials would not regress after changes to the API. Additionally, the API became more intuitive, and the documentation more comprehensive. The Qt GUI was dropped in favor of the Python API.

The API transition resulted in a more intuitive API, enabled clear and comprehensive documentation, reduced the maintenance burden, increased flexibility of the API, and enabled regression testing of our tutorial set. The trade-off was a steeper learning curve for the software. Our tutorials were designed to mitigate the impact of this, with numerous examples with each hardware configuration.

Technologies used

  • Python
  • Qt
  • Read The Docs
Documentation Contributions Tutorials