Different traces for the same code on differnt boards

Hello,
I am running a bunch of code on different target boards using cwlite and stm32f3, stm32f4, and xmega. Surprisingly the traces are very different from each other., i.e., for xmega and stm32f3 the leakage can be seen (a loop through a table of 13 entries where I compare an element x to each entry and add 1 if the condition is satisfied otherwise I do not add 1. The addition of 1 can be seen in red. A bit flipping is also executed at the end and can be detected) however, in stm32f4, the secret data were difficult to read with a naked eye directly from the traces.
Is there an explanation of this observation?

Traces on STM32F3

Traces on STM32F4

Traces on XMEGA

Best,
Sou

It’s absolutely normal for the power traces to be different for different targets running the “same” code. That same C source code gets compiled to each target… even if the binaries were identical, they are then executed on targets that are in reality each very different from one another. Each target is a distinct collection of millions of transistors. Remember that when you are measuring power traces, you are measuring the power consumed by these millions of transistors.

It would be shocking if the opposite was true!

Thank you jp for your answer,
Does it mean that: A C implementation that is vulnerable against a power analysis attack, might be not vulnerable against the same power analysis attack when excuted on a different target?
Can you refer me to a “scheme” or a “documentation” of how these transistors or circuits in an stm32f3/4 board are designed?
Best,
Sou

That’s very unlikely. What is likely is that, like you’ve observed, power traces will look different. An attack which works on one target may need a tweak to work on a different target. This would usually be the case for “simple” power attacks. Other attacks - like our AES CPA attack - work across different targets without any modifications.

No, that would be highly proprietary information from the device maker. The good news is that this doesn’t matter for side-channel attacks. If you work your way through our Jupyter courses, you’ll start to understand why.