Date: 29 Jan 2002

Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards


A new kind of cryptanalytic attacks, targeted directly at the weaknesses of a cryptographic algorithm’s physical implementation, has recently attracted great attention. Examples are timing, glitch, or poweranalysis attacks. Whereas in so-called simple power analysis (SPA for short) only the power consumption of the device is analyzed, differential power analysis (DPA) additionally requires knowledge of ciphertext outputs and is thus more costly. Previous investigations have indicated that SPA is little threatening and moreover easy to prevent, leaving only DPA as a serious menace to smartcard integrity. We show, however, that with careful experimental technique, SPA allows for extracting sensitive information easily, requiring only a single power-consumption graph. This even holds with respect to basic instructions such as register moves, which have previously not been considered critical. Our results suggest that SPA is an effective and easily implementable attack and, due to its simplicity, potentially a more serious threat than DPA in many real applications.