Hi Colin,
Can you tell the differences between the leakage models available in previous versions and the latest one. Does that affect the results anyway? Also tell us something about each models in CW 0.11RC1 tool.
Thanks
Hello,
The leakage models need to be documented still… but very briefly:
HW: AES SBox Output, First Round (ENC) = Output of the S-Box for AES Encryption, using Hamming Weight (i.e. standard software implementation)
HW: AES Inv SBox Output, First Round (DEC) = Output of Inverse S-Box for AES Decryption. This is basically the same as the previous one, but designed for working with a decryption operation instead of encryption.
HD: … there is a bunch of these, basically the number of bits in difference between the two stated locations. The HD operations vary a LOT for different physical implementations. For example the “last-round state” is the HD used in attacking the fully pipelined FPGA implementation such as the SAKURA-G. You can see some details on this leakage function at colinoflynn.com/2015/05/side-cha … ect-vault/ .