CW capture rev2 recovers main encryption key or round subkey?

Hi everyone,
I’m using chipwhisperer capture rev2 to attack the software AES implementation on the ATMega328P of the CW301 Multitarget board.

My question is, when I use the CW Analyzer tool, does it recover the main Encryption Key or it gives us a round key ? if it’s a round key, which one ? the first one?

How can we retrieve the main key from a subkey ? do we need to get all round keys and to use Key schedule algorithm to retrieve to main key ? or we just need the first round key ?

How does CW analyzer opere ?


Which round key you get depends on which leakage model you use. Software AES is usually attacked at the SBox output, which will give you the first round key, but hardware implementations are often attacked using the state difference between the last 2 rounds, giving you the last round key.

Any round key can be converted to another round using the key schedule algorithm. I’m not sure about old versions of ChipWhisperer, but new ones have a key_schedule_rounds() in analyzer/attacks/models/ that can convert the key from one round to another.


Exactly, in AES-128, the main key is used as first round key, so we just need to attack the output of the SBOX in software AES.
Thanks Alex !