Hello everyone,
As the title mentioned, this always confuses me. For example,
0x34 and 0x07 share the same Hamming Weight, 3. Then how could we recover them from this same Hamming Weight?
Alan.
You are right, but a CPA attack (for example) is a little bit more involved than that.
We have a brief write-up here: https://wiki.newae.com/Correlation_Power_Analysis
I also recommend this paper: https://iacr.org/archive/ches2004/31560016/31560016.pdf
Jean-Pierre
1 Like
What is important here and what Jean-Pierre is probably hinting at is the combination of two points:
- We aim our model at memory that is based on both the key and the plain text. Since, we already know the plain data, we can than guess (parts of) the key.
- We do multiple traces. If we do multiple traces of different plain texts, the hamming weight equalities won’t matter. This is because wrong key guesses probably won’t have the same hamming weight for another trace.
I hope that clarifies it a bit more.
1 Like