Correlations in CW305_ECC

Good question; this is indeed counterintuitive. If you follow the Verilog source you’ll see that the k-dependent memory writes are blocked when k is high, not when it is low. Why that is, I don’t know. One would expect, based on a textbook implementation of point multiplication, for it to be the opposite. Now if I wanted to fully understand the nuts and bolts of this ECC implementation, I would figure out why. But this isn’t necessary for side-channel attacks. Or, to quote an excellent paper (also on ECC) that I recently read:

Details of the real implementation are not our concern here, a high-level understanding of the countermeasures is good enough.

So that is why zeros have a higher correlation.

Jean-Pierre
