A new kind of cryptanalytic attacks, targeted directly at the weaknesses of a cryptographic algorithm's physical implementation, has recently attracted great attention. Examples are timing, glitch, or poweranalysis attacks. Whereas in so-called simple power analysis (SPA for short) only the power consumption of the device is analyzed, differential power analysis (DPA) additionally requires knowledge of ciphertext outputs and is thus more costly. Previous investigations have indicated that SPA is little threatening and moreover easy to prevent, leaving only DPA as a serious menace to smartcard integrity. We show, however, that with careful experimental technique, SPA allows for extracting sensitive information easily, requiring only a single power-consumption graph. This even holds with respect to basic instructions such as register moves, which have previously not been considered critical. Our results suggest that SPA is an effective and easily implementable attack and, due to its simplicity, potentially a more serious threat than DPA in many real applications.
[1]
Siva Sai Yerubandi,et al.
Differential Power Analysis
,
2002
.
[2]
Markus G. Kuhn,et al.
Low Cost Attacks on Tamper Resistant Devices
,
1997,
Security Protocols Workshop.
[3]
Markus G. Kuhn,et al.
Tamper resistance: a cautionary note
,
1996
.
[4]
Thomas S. Messerges,et al.
Investigations of Power Analysis Attacks on Smartcards
,
1999,
Smartcard.
[5]
M. Kuhn,et al.
The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors
,
2022
.
[6]
Hendrikus J. M. Veendrick,et al.
Short-circuit dissipation of static CMOS circuitry and its impact on the design of buffer circuits
,
1984
.
[7]
P. Kocher,et al.
Differential power analysis, advances in cryptology-CRYPTO'99
,
1999
.