Aes cpa attack : HD vs HW, implementation

Hi Colin,

I am trying to understand why attack using the Hamming Distance model doesn’t success to expose the secret key, while using HW model was successful.

I am running the built-in CPA attack on AES 128 on the XMEGA target of the ChipWhisperer .
It works (exposes the key) with the default code in, which use HW model:
leak_model = AES128_8bit( SBox_output )
attack.setAnalysisAlgorithm(CPAProgressive, leak_model)
However, when I change to HD : leak_model = AES128_8bit( SBoxInOutDiff ) it doesn’t expose the key.

Where can the compiled C code/ assembly code in order to understand exactly where are the SboxInput and Sboxoutput variables are stored? are they stored in different registers? same register? are the registers reset to a 0/1 value between the clock cycles?

I would like to get information/sources about the implementation that would help me understand why using the hamming distance model doesn’t work.

Thank you in advance!

If you follow any of the tutorials that build target firmware, you should be able to find said firmware (e.g. hardware/victims/firmware/simpleserial-aes). The assembly is there for you to inspect and answer all those questions.