Abstract

Since their publication in 1998 and 2001, respectively, Power and Electromagnetic Analysis (SPA, DPA, EMA) have been successfully used to retrieve secret information stored in cryptographic devices. Both attacks usually model the side-channel leakages using the so-called “Hamming weight” and “Hamming distance” models, i.e. they only consider the number of bit transitions in a device as an image of its leakage. In these models, the main difference between power and electromagnetic analysis is assumed to be the fact that the latter allows space localization (i.e. to observe the leakage of only a part of the cryptographic device). In this paper, we make use of a more accurate leakage model for CMOS devices and investigate its consequences. In particular, we show that it is practically feasible to distinguish between 0 → 1 and 1 → 0 bit transitions in certain implementations and that electromagnetic analysis is particularly efficient in this respect. We denote this model as the “switching distance” leakage model and show how it may be very helpful to defeat some commonly used countermeasures (e.g. data buses precharged with random values). Then, we compare the different models and stress their respective constraints/advantages regarding practical attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.