Differential Power Analysis Model and Some Results

  • Sylvain Guilley
  • Philippe Hoogvorst
  • Renaud Pacalet
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 153)


CMOS gates consume different amounts of power whether their output has a falling or a rising edge. Therefore the overall power consumption of a CMOS circuit leaks information about the activity of every single gate. This explains why, using differential power analysis (DPA), one can infer the value of specific nodes within a chip by monitoring its global power consumption only.

We model the information leakage in the framework used by conventional cryptanalysis. The information an attacker can gain is derived as the autocorrelation of the Hamming weight of the guessed value for the key. This model is validated by an exhaustive electrical simulation.

Our model proves that the DPA signal-to-noise ratio increases when the resistance of the substitution box against linear cryptanalysis increases.

This result shows that the better shielded against linear cryptanalysis a block cipher is, the more vulnerable it is to side-channel attacks such as DPA.


Differential power analysis (DPA) DPA model DPA electrical simulation substitution box (S-Box) DPA signal-to-noise ratio cryptanalysis 


  1. [1]
    M. Akkar and C. Giraud. An Implementation of DES and AES secure against Some Attacks. Proc. of CHES’01, (2162):309–318, 2001.Google Scholar
  2. [2]
    Ross J. Anderson. Serpent website (former candidate to the AES), 1999.
  3. [3]
    E. Biham and A. Shamir. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 4(1):3–72, 1991.CrossRefMathSciNetGoogle Scholar
  4. [4]
    Eric Brier, Christophe Clavier, and Francis Olivier. Optimal statistical power analysis. 2003.
  5. [5]
    Florent Chabaud and Serge Vaudenay. Links between Differential and Linear Cryptanalysis. Proc. of Eurocrypt’94, 950:356–365, 1995.MathSciNetGoogle Scholar
  6. [6]
    K. Gandolfi, C. Mourtel, and F. Olivier. Electromagnetic Analysis: Concrete Results. Proc. of CHES’01, 2162:251–261, 2001.Google Scholar
  7. [7]
    L. Goubin and J. Patarin. DES and Differential Power Analysis: The Duplication Method. Proc. of CHES’99, (1717):158–172, 1999.Google Scholar
  8. [8]
    Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis: Leaking Secrets. Proc. of CRYPTO’99, 1666:388–397, 1999.Google Scholar
  9. [9]
    M. Matsui. Linear cryptanalysis method for DES cipher. Proc. of Eurocrypt’93, (765):386–397, 1994.Google Scholar
  10. [10]
    Thomas S. Messerges, Ezzy A. Dabbish, and Robert H. Sloan. Investigations of Power Analysis Attacks on Smartcards. USENIX Workshop on Smartcard Technology, pages 151–162, May 1999.Google Scholar
  11. [11]
    Elisabeth Oswald. On Side-Channel Attacks and the Application of Algorithmic Countermeasures. PhD thesis, may 2003.
  12. [12]
    Takashi Satoh, Tetsu Iwata, and Kaoru Kurosawa. On Cryptographically Secure Vectorial Boolean Functions. Proc. of Asiacrypt’99, 1716:20–28, 1999.MathSciNetGoogle Scholar
  13. [13]
    K. Tiri and I. Verbauwhede. Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology. Proc. of CHES’03,2779: 126–136, 2003.Google Scholar

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Sylvain Guilley
    • 1
  • Philippe Hoogvorst
    • 1
  • Renaud Pacalet
    • 2
  1. 1.Département communication et électroniqueGET/Télécom Paris, CNRS LTCIParis Cedex 13France
  2. 2.Département communication et électronique, Institut EurecomGET/Télécom Paris, CNRS LTCISophia-Antipolis CedexFrance

Personalised recommendations