On Second-Order Differential Power Analysis

  • Marc Joye
  • Pascal Paillier
  • Berry Schoenmakers
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)


Differential Power Analysis (DPA) is a powerful cryptanalytic technique aiming at extracting secret data from a cryptographic device by collecting power consumption traces and averaging over a series of acquisitions. In order to prevent the leakage, hardware designers and software programmers make use of masking techniques (a.k.a. data whitening methods). However, the resulting implementations may still succumb to second-order DPA. Several recent papers studied second-order DPA but, although the conclusions that are drawn are correct, the analysis is not.

This paper fills the gap by providing an exact analysis of second-order DPA as introduced by Messerges. It also considers several generalizations, including an extended analysis in the more general Hamming-distance model.


Side-channel analysis differential power analysis second-order attacks 


  1. 1.
    Triangle of coefficients of Gandhi polynomials. In: On-Line Encyclopedia of Integer Sequences,
  2. 2.
    Triangle of coefficients of a companion polynomial to the Gandhi polynomial. In: On-Line Encyclopedia of Integer Sequences,
  3. 3.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-Channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Boros, G., Moll, V.: Irresistible Integrals: Symbolics, Analysis and Experiments in the Evaluation of Integrals. Cambridge University Press, Cambridge (2004)zbMATHCrossRefGoogle Scholar
  5. 5.
    Brier, É., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Coron, J.-S., Goubin, L.: On Boolean and arithmetic masking against differential power analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Joye, M.: Smart-card implementations of elliptic curve cryptography and DPA-type attacks. In: Smart Card Research and Advanced Applications VI, pp. 115–125. Kluwer Academic Publishers, Dordrecht (2004)CrossRefGoogle Scholar
  10. 10.
    Knuth, D.E.: The Art of Computer Programming, 3rd edn. Fundamental Algorithms, vol. 1. Addison Wesley, Reading (1997)Google Scholar
  11. 11.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and couter-measures for smard cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Rivest, R.L., Robshaw, M.J.B., Sideney, R., Yin, Y.L.: The RC6 block cipher. RSA Laboratories, v1.1, August 20 (1998)Google Scholar
  16. 16.
    Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Marc Joye
    • 1
  • Pascal Paillier
    • 2
  • Berry Schoenmakers
    • 3
  1. 1.CIM-PACA, Centre de Micro-électronique de Provence – George CharpakGardanneFrance
  2. 2.Advanced Research and Security CentreGemplus S.A.Issy-les-MoulineauxFrance
  3. 3.Dept of Mathematics and Computing ScienceEindhoven University of TechnologyEindhovenThe Netherlands

Personalised recommendations