Hi Colin,
I am trying to understand why attack using the Hamming Distance model doesn’t success to expose the secret key, while using HW model was successful.
I am running the built-in CPA attack on AES 128 on the XMEGA target of the ChipWhisperer .
It works (exposes the key) with the default code in attack_cpa.py, which use HW model:
leak_model = AES128_8bit( SBox_output )
attack.setAnalysisAlgorithm(CPAProgressive, leak_model)
However, when I change to HD : leak_model = AES128_8bit( SBoxInOutDiff ) it doesn’t expose the key.
Where can the compiled C code/ assembly code in order to understand exactly where are the SboxInput and Sboxoutput variables are stored? are they stored in different registers? same register? are the registers reset to a 0/1 value between the clock cycles?
I would like to get information/sources about the implementation that would help me understand why using the hamming distance model doesn’t work.
Thank you in advance!
Yuval