HD vs HW in AES CPA attack


Hi Colin,
I’m trying to understand the difference between HW and HD in the AES CPA attack. I only started working with ChipWhisperer and I’m new to all of it.
I am running the built-in CPA attack on AES 128 on the XMEGA target of the ChipWhisperer.

It works (exposes the key) with the default code in attack_cpa.py, which uses the HW model:
leak_model = AES128_8bit(SBox_output)
attack.setAnalysisAlgorithm(CPAProgressive, leak_model)

However, when I change to HD: leak_model = AES128_8bit(SBoxInOutDiff), it doesn’t expose the key.
I’m trying to understand exactly why. It would be very helpful to see your explanation.

This is what I was thinking, not sure if it’s correct but I would like to hear if it can explain the difference:
Given this formula: HD(in, out) = HD(p^k, s(p^k)) = HW(in^out) = HW(p^k ^ s(p^k)), in the analysis part all the parameters should be known in the SW. For every guess we know k (the key), p (the plaintext), and s (the sbox output). Is the problem in the capture part, that we don’t have a corresponding measurement to relate our guesses to?
In the HW model, in the capture part we measure power, which we assume equals HW(s(p^k)), and then in the analysis part we try all the different keys for this p and calculate HW(s(p^k)) in SW. If the values match, we have found the key.
However, in the HD model, in the capture part our measurement stays the same (measuring the power that represents HW(s(p^k))), but unlike the HW model, in HD we can’t compare the calculation HW(p^k ^ s(p^k)) to the measurement directly, because we have HW(s(p^k)) and not the value s(p^k).

Thank you in advance!


Hi Yuval,

The reason that Hamming weight is used instead of Hamming distance is that microcontrollers typically reset the state of the bus lines to a middle value in between data updates to lower average power consumption, meaning you’re finding the Hamming distance between the SBox output and 0 (which is just the Hamming weight).

The full Hamming distance model is a lot more useful when attacking hardware AES, where this isn’t the case. This makes the attack harder, since you need to also consider what the data lines were both before an operation and after.
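
A small simulation of the point made in the reply above, as an added example (not code from this thread or from ChipWhisperer). It assumes each trace is a single sample equal to HW(s(p^k)) plus Gaussian noise, which models a bus that returns to a fixed state between updates, and runs a pure-Python CPA with both leakage models. The key byte, the traces and the names `model_hw`, `model_hd`, `simulate` and `cpa` are constructed for illustration.

```python
import random

def build_sbox():
    """AES S-box: GF(2^8) inverse followed by the affine transform."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()
hw = lambda v: bin(v).count("1")

def model_hw(p, g):   # Hamming weight of the S-box output
    return hw(SBOX[p ^ g])

def model_hd(p, g):   # HD(in, out) = HW((p^k) ^ s(p^k)), the formula from the question
    x = p ^ g
    return hw(x ^ SBOX[x])

def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def simulate(key, n=300, noise=0.5, seed=1):
    """Constructed traces: one sample each, leakage = HW(s(p^k)) + noise (assumption)."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n)]
    return pts, [hw(SBOX[p ^ key]) + rng.gauss(0, noise) for p in pts]

def cpa(pts, leak, model):
    """Return {guess: |correlation|} for all 256 key-byte guesses."""
    return {g: abs(pearson([model(p, g) for p in pts], leak)) for g in range(256)}

KEY = 0x2B  # constructed key byte
PTS, LEAK = simulate(KEY)
HW_SCORES, HD_SCORES = cpa(PTS, LEAK, model_hw), cpa(PTS, LEAK, model_hd)

if __name__ == "__main__":
    for name, s in (("HW", HW_SCORES), ("HD", HD_SCORES)):
        best = max(s, key=s.get)
        print(f"{name}: best guess {best:#04x}, |r| at true key {s[KEY]:.2f}")
```

With the HW model the true key byte has by far the highest correlation; with the HD(in, out) model the same traces correlate far less at the true key, because the simulated device never leaks the input-to-output transition.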