Incorrect key for plaintext XOR leakage in AES

Hi, this is a question rather than an issue. I am trying Lab4_3 in SCA101 and it works as expected when attacking the SBOX lookup. But when I changed the leakage to:

leak_model = cwa.leakage_models.plaintext_key_xor

I get 9/16 of the key bytes as having a PGE of 1 rather than 0. I thought that maybe this had to do with the XOR operation not being the biggest power consumer during the AES encrypt. So I tried modifying simpleserial-base.c as follows:

uint8_t key[16] = {0};

uint8_t get_key(uint8_t* k, uint8_t len) {   
	for (int i=0; i<len; i++){
	    key[i] = k[i];
	return 0x00;

uint8_t get_pt(uint8_t* pt, uint8_t len) {

	for (int i=0; i<len; i++){
	    pt[i] = pt[i] ^ key[i];

	simpleserial_put('r', 16, pt);
	return 0x00;

In this case, I would think reading the key from memory would be the biggest power consumer and would match the plaintext_key_xor leakage function. But I am still getting 9/16 (the same ones) with a PGE of 1.

Is there something I am doing wrong? Or is there some way for me to change the setup to improve the results I am getting? I originally posted this as an GitHub issue, where Alex Dewar said

What you’re running into here is that, unlike with a non linear leakage model, the sign of the correlation actually matters here. I won’t go into much detail here (can discuss further on the forums if you’d like), but basically key and ~key have the exact same leakage, but the signs are flipped.

I don’t have a background in side-channel security. My focus is on computer hardware. Any help/suggestions/clarifications would be helpful.

Providing an answer here in case anyone else runs across this issue.

As suggested by @Alex_Dewar, key and ~key have the same absolute correlation value. But on the CWLITE-ARM platform, a ‘lower’ value corresponds to a stronger correlation (i.e, the PCC is closer to -1 for the right value). So I first multiplied cpaoutput by -1 before taking the max and I always get the right key now.

Good to hear that worked for you!

For a bit more context, the negative correlation here is the right one because an increase in power (aka the Hamming weight) results in a drop in voltage over the shunt (what we’re measuring).

1 Like