Univariate side channel attacks and leakage modeling

  • Julien Doget
  • Emmanuel Prouff
  • Matthieu Rivain
  • François-Xavier Standaert
Regular Paper


Differential power analysis is a powerful cryptanalytic technique that exploits information leaking from physical implementations of cryptographic algorithms. During the last two decades, numerous variations of the original principle have been published. In particular, the univariate case, where a single instantaneous leakage is exploited, has attracted much research effort. In this paper, we argue that several of the univariate attacks most frequently used by the community are not only asymptotically equivalent, but can also be rewritten in terms of one another simply by changing the leakage model used by the adversary. In particular, we prove that most univariate attacks proposed in the literature can be expressed as correlation power analyses with different leakage models. This result emphasizes the major role played by the choice of model in the efficiency of an attack. In the second part of this paper, we therefore also discuss and evaluate side channel attacks that involve no leakage model but rely only on some general assumptions about the leakage. Our experiments show that such attacks, which we call robust, are a valuable alternative to univariate differential power analyses: they lose only a little efficiency when a perfect model is available to the adversary, and gain a lot when such information is not available.
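As an added illustration of the abstract's central claim (example code, not from the paper): a Kocher-style difference-of-means (DoM) attack and a correlation power analysis (CPA) with a single-bit leakage model are run side by side on a constructed toy S-box with simulated Hamming-weight leakage, and the two distinguishers are checked to rank every key hypothesis identically and to differ only by a key-independent constant. The S-box, the key 0x3C, the noise level and the leakage function are all constructed assumptions.

```python
import random
from math import sqrt

# Constructed toy S-box: a fixed random 8-bit bijection (not the AES S-box).
SBOX = list(range(256))
random.Random(2011).shuffle(SBOX)

def hw(x):
    return bin(x).count("1")

def simulate_traces(key, noise_sd=1.0, seed=1):
    """Constructed leakage: HW(S[p ^ key]) plus Gaussian noise, every plaintext once."""
    rng = random.Random(seed)
    return [(p, hw(SBOX[p ^ key]) + rng.gauss(0.0, noise_sd)) for p in range(256)]

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx, vy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy)

def dom(traces, k, bit):
    """Difference of means, partitioning traces on bit `bit` of the predicted S[p ^ k]."""
    ones = [l for p, l in traces if (SBOX[p ^ k] >> bit) & 1]
    zeros = [l for p, l in traces if not (SBOX[p ^ k] >> bit) & 1]
    return sum(ones) / len(ones) - sum(zeros) / len(zeros)

def cpa(traces, k, model):
    """Correlation power analysis: correlate the leakage with model(S[p ^ k])."""
    return pearson([model(SBOX[p ^ k]) for p, _ in traces], [l for _, l in traces])

def rank_keys(traces, distinguisher):
    """All 256 key hypotheses sorted by decreasing |score|, plus the raw scores."""
    scores = {k: distinguisher(traces, k) for k in range(256)}
    return sorted(scores, key=lambda k: -abs(scores[k])), scores

def dom_equals_single_bit_cpa(traces, bit):
    """DoM on `bit` and CPA with the model v -> (v >> bit) & 1 must rank keys identically
    and be proportional: with a bijective S-box and every plaintext used once the bit is
    exactly balanced for every k, so rho_k = D_k / (2 * std(L)) with a k-independent factor."""
    rk_dom, s_dom = rank_keys(traces, lambda t, k: dom(t, k, bit))
    rk_cpa, s_cpa = rank_keys(traces, lambda t, k: cpa(t, k, lambda v: (v >> bit) & 1))
    best = rk_dom[0]
    c = s_cpa[best] / s_dom[best]  # the common scaling factor, estimated on one key
    proportional = all(abs(s_cpa[k] - c * s_dom[k]) < 1e-9 for k in range(256))
    return rk_dom == rk_cpa and proportional
```

With the full Hamming-weight model (`cpa(traces, k, hw)`) the same CPA machinery recovers the constructed key, which is the "perfect model" case the abstract contrasts with model-free attacks.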


Side channel attack · Correlation · Regression · Model



Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  • Julien Doget (1, 2, 3)
  • Emmanuel Prouff (1)
  • Matthieu Rivain (4)
  • François-Xavier Standaert (2)
  1. Oberthur Technologies, Nanterre, France
  2. Université Catholique de Louvain-la-Neuve, UCL Crypto Group, Louvain-la-Neuve, Belgium
  3. Département de Mathématiques, Université Paris 8, Saint-Denis, France
  4. CryptoExperts, Paris, France