Hamming Weight-Based Simulation of Correlation Power Analysis for AES Key Extraction

Andysah Putera Utama Siahaan, Phaklen Ehkan, Insaf Ullah

Abstract


This study evaluates Correlation Power Analysis (CPA) under the Hamming Weight model for recovering AES encryption keys in a fully software-simulated environment. Using Python, we emulate power traces not from hardware measurements but from the Hamming Weight of the byte-level intermediate values computed during AES encryption. Plaintexts are generated at random, and each key-byte hypothesis is scored by the Pearson correlation between the Hamming Weight it predicts and the simulated trace. The method achieved approximately 50% key-recovery accuracy with just 10 plaintexts and up to 85% accuracy with more than 1,000 simulated inputs; correlation coefficients above 0.90 were consistently observed for most key bytes. Because the simulation omits real-world noise and hardware interference, it is simple to run, but it also lacks the electrical characteristics of a physical device; this is both the novelty and the limitation of a software-only CPA framework. The findings underline the vulnerability of unprotected AES implementations to side-channel attacks and point to countermeasures such as masking to reduce the risk.
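The attack flow the abstract describes, as an added example written for this page (it is not the paper's code): traces are synthesised as the Hamming Weight of the first-round SubBytes output SBox[p XOR k] plus optional Gaussian noise, and every key byte is recovered by ranking all 256 hypotheses with Pearson correlation. The choice of SubBytes output as the leaking intermediate, one sample per state byte, the noise model, the function names, the fixed seed and the FIPS-197 test key are this example's own assumptions; the abstract does not state which byte-level operation was modelled.

```python
"""Hamming-weight CPA against the first-round AES S-box, fully simulated.

Added example, not the paper's code. Assumptions: the leaking intermediate
is the SubBytes output of round 1, SBox[p ^ k]; one leakage sample per state
byte; noise is Gaussian. Constructed inputs: a fixed seed and a test key.
"""
import math
import random


def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def build_aes_sbox():
    """Generate the AES S-box from GF(2^8) inversion plus the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= (q << 1) & 0xFF                                    # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # q is now the multiplicative inverse of p; apply the affine layer
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = build_aes_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight lookup table


def simulate_traces(key, n_traces, noise_sigma=0.0, rng=None):
    """Synthesise (plaintext, trace) pairs; trace[i] leaks state byte i."""
    rng = rng or random.Random(1)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        pt = bytes(rng.randrange(256) for _ in range(16))
        trace = [HW[SBOX[pt[i] ^ key[i]]] + rng.gauss(0.0, noise_sigma)
                 for i in range(16)]
        plaintexts.append(pt)
        traces.append(trace)
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either input is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def cpa_byte(plaintexts, traces, i):
    """Rank all 256 hypotheses for key byte i; return (best_k, best_r)."""
    samples = [t[i] for t in traces]
    best_k, best_r = 0, -2.0
    for k in range(256):
        hyp = [HW[SBOX[pt[i] ^ k]] for pt in plaintexts]  # predicted leakage
        r = pearson(hyp, samples)
        if r > best_r:
            best_k, best_r = k, r
    return best_k, best_r


def cpa_attack(plaintexts, traces):
    """Recover all 16 key bytes; returns (guessed_key, per-byte correlations)."""
    ranked = [cpa_byte(plaintexts, traces, i) for i in range(16)]
    return bytes(k for k, _ in ranked), [r for _, r in ranked]


def recovery_rate(key, n_traces, noise_sigma=0.0, seed=1):
    """Fraction of key bytes recovered for a given trace budget and noise level."""
    pts, trs = simulate_traces(key, n_traces, noise_sigma, random.Random(seed))
    guess, corrs = cpa_attack(pts, trs)
    return sum(a == b for a, b in zip(guess, key)) / 16, guess, corrs


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key
    for n in (10, 50, 200):
        for sigma in (0.0, 2.0):
            rate, _, corrs = recovery_rate(key, n, sigma)
            print(f"traces={n:4d} noise={sigma:.1f} "
                  f"bytes recovered={rate:.0%} min r={min(corrs):.2f}")
```

With noise_sigma=0.0 the correct hypothesis always scores r=1.0 and only the small-sample ambiguity among hypotheses limits recovery, which is why a noise-free software simulation overstates the attack. Raising noise_sigma shows the trace budget growing with the noise, the effect a practitioner sees on real hardware and the one the abstract's caveat refers to.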

Keywords


Hamming Weight, Correlation Power Analysis, AES, key recovery, Python simulation, Pearson correlation, countermeasures, cryptographic analysis

DOI: http://dx.doi.org/10.30829/zero.v9i1.24294

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Publisher:
Department of Mathematics
Faculty of Science and Technology
Universitas Islam Negeri Sumatera Utara Medan