CPA attack on smart card

@chipquik I got perfect traces for the SLE66. The secret is to find a reliable trigger and a way to align them properly. Below are the traces as is. I didn’t apply any transformations to them. I just shifted them to the reference’s zero point. It is worth saying that only 3-4% of the traces will be in sync. All other traces should be dropped.

@NewDwarf Well, that’s good. In my case these traces are shuffled. However, in my opinion, shuffling is not the only layer of security implemented in my targets. The SLE66 has many different variants. In my case, I use a system clock that is synchronized 1:1 and the smartcard does not use either a PLL or a VCO, but despite this, shuffling occurs. For example, AES-128 can be scattered at large intervals. There are probably dummy delays added in the code to make the attack more difficult. It is possible that in your case only masking is used.

Same in my case, but I applied normalized cross-correlation to pick out only similar traces and drop all others. The same approach can be applied to the AES traces where dummy instructions affect the original shape of the traces.

These traces are from the pay TV smart card.

OK, now I understand you. I need to try it too…
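The trace selection by normalized cross-correlation described in the thread, sketched as an added example that is not code from either poster: it shows why a trace with an inserted dummy delay scores low and is dropped, while a trace that is only shifted or scaled is kept. The function names, the 0.9 threshold and the sample values are assumptions made for illustration, and each trace is assumed to be at least `len(ref) + 2 * max_lag` samples long.

```python
import math

def ncc(a, b):
    """Normalized cross-correlation of two equal-length windows, in [-1, 1]."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0  # flat window: no shape to compare

def best_alignment(trace, ref, max_lag):
    """Slide ref across trace; return (lag, peak NCC). Lag 0 is offset max_lag."""
    best_lag, best_score = 0, -2.0
    for off in range(2 * max_lag + 1):
        score = ncc(trace[off:off + len(ref)], ref)
        if score > best_score:
            best_lag, best_score = off - max_lag, score
    return best_lag, best_score

def select_synced(traces, ref, max_lag, threshold):
    """Keep (index, lag, aligned window) for traces whose peak NCC >= threshold."""
    kept = []
    for i, t in enumerate(traces):
        lag, score = best_alignment(t, ref, max_lag)
        if score >= threshold:
            start = lag + max_lag
            kept.append((i, lag, t[start:start + len(ref)]))
    return kept

# Constructed sample data (not measurements from any card).
REF = [0, 3, 8, 3, 0, -4, -1, 0]
TRACES = [
    [0, 0] + REF + [0, 0],                       # in sync with the reference
    [5, 5, 5] + [2 * x + 5 for x in REF] + [5],  # one sample late, other gain/offset
    [0, 0, 0, 3, 8, 0, 0, 0, 3, 0, -4, -1],      # dummy delay inserted mid-pattern
]

if __name__ == "__main__":
    for idx, lag, win in select_synced(TRACES, REF, max_lag=2, threshold=0.9):
        print(idx, lag, win)
```

Because the score is normalized, gain and DC offset differences between captures do not affect it; only a change in shape, such as the inserted delay in the third trace, lowers the peak.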