I have tried building a template model for AES_SBOX [Plaintext + Key] operation with AES-128.
Firstly, taken 10,000 number of traces for creating template with random plaintext and random key. For trace capturing, considered first round of AES which include byte substitution operation as well.
Followed all the steps mention under “B8 Profiling Attacks (Manual Template Attack)” to build the template.
Later for attacking the template, again captured 500 samples of traces with random plaintext and fixed key.
Once, applied the “log-maximum likelihood processing” on the template prepared, won’t able to recover the exact byte of key.
Need some support on this.