In each round we calculate the S-Box substitution of each byte i.e. $SBox(m_t \oplus k_t)$ Where $m_t$ is the $t$-th byte of the message, and $m_t$ is the $t$-th byte of the key.

We can model the power consumption of this operation by Hamming Weight i.e. $HW(SBox(m_t \oplus k_t ))$ So if we can obtain an average power consumption of operating on let’s say the first byte, over a bunch of messages. Then with that average we can correlate it to find

For each sample message, we calculate the hamming weight of the S-Box result of the first byte against each hypothetical first key byte.

E.g. we might say that for the message byte A6 and key byte 00 we would have a Hamming Weight of 08 and, for a key byte 01 we would have A3, etc.

Then we arrange each trace into a table, s.t. each row is the trace of one message, and each column is the same point in time for each trace.

Then we iterate over the trace table columns, looking for one which has a high correlation with a column in the Hamming Weight table.

The column number in the Hamming Weight table with the correlation is the key byte!

Optimisations

Numpy broadcasting