Differential Power Analysis Model and Some Results
CMOS gates consume different amounts of power whether their output has a falling or a rising edge. Therefore the overall power consumption of a CMOS circuit leaks information about the activity of every single gate. This explains why, using differential power analysis (DPA), one can infer the value of specific nodes within a chip by monitoring its global power consumption only.
We model the information leakage in the framework used by conventional cryptanalysis. The information an attacker can gain is derived as the autocorrelation of the Hamming weight of the guessed value for the key. This model is validated by an exhaustive electrical simulation.
Our model proves that the DPA signal-to-noise ratio increases when the resistance of the substitution box against linear cryptanalysis increases.
This result shows that the better shielded against linear cryptanalysis a block cipher is, the more vulnerable it is to side-channel attacks such as DPA.
KeywordsDifferential power analysis (DPA) DPA model DPA electrical simulation substitution box (S-Box) DPA signal-to-noise ratio cryptanalysis
- M. Akkar and C. Giraud. An Implementation of DES and AES secure against Some Attacks. Proc. of CHES’01, (2162):309–318, 2001.Google Scholar
- Ross J. Anderson. Serpent website (former candidate to the AES), 1999. http://www.cl.cam.ac.uk/~rja14/serpent.html.
- Eric Brier, Christophe Clavier, and Francis Olivier. Optimal statistical power analysis. 2003. http://eprint.iacr.org/.
- K. Gandolfi, C. Mourtel, and F. Olivier. Electromagnetic Analysis: Concrete Results. Proc. of CHES’01, 2162:251–261, 2001.Google Scholar
- L. Goubin and J. Patarin. DES and Differential Power Analysis: The Duplication Method. Proc. of CHES’99, (1717):158–172, 1999.Google Scholar
- Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis: Leaking Secrets. Proc. of CRYPTO’99, 1666:388–397, 1999.Google Scholar
- M. Matsui. Linear cryptanalysis method for DES cipher. Proc. of Eurocrypt’93, (765):386–397, 1994.Google Scholar
- Thomas S. Messerges, Ezzy A. Dabbish, and Robert H. Sloan. Investigations of Power Analysis Attacks on Smartcards. USENIX Workshop on Smartcard Technology, pages 151–162, May 1999.Google Scholar
- Elisabeth Oswald. On Side-Channel Attacks and the Application of Algorithmic Countermeasures. PhD thesis, may 2003. http://www.iaik.tu-graz.ac.at/aboutus/people/oswald/papers/PhD.pdf.
- K. Tiri and I. Verbauwhede. Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology. Proc. of CHES’03,2779: 126–136, 2003.Google Scholar