Hello,
I see that the CPA attacks (as well as the template based profiling attacks) on the CW303 XMEGA Target are performed using the Hamming weight (HW) model.
I am not sure if HW model is the best suited, compared to the Hamming Distance (HD) model.

Can someone kindly explain why HW model is being used for the attack? I would presume that HW is suitable for devices with pre-charge phase (dynamic logic).

The Hamming Distance is what is being leaked by the microcontroller. The assumption we’re making is that the Hamming Weight of the number we’re looking for is the same as the Hamming Distance that we’re measuring. You’re right the reason this is a valid assumption is because the data lines are all reset/set before they’re set to a new value.

I believe microcontrollers typically use dynamic CMOS since it’s faster and uses fewer transistors than static CMOS. I don’t think the attack would even work as is, since the Hamming Distance would also be affected by the input to the XOR (would still be possible, you’d just have to keep track of what you’re sending for the analysis).