[5597] in cryptography@c2.net mail archive
Re: Power analysis of AES candidates
daemon@ATHENA.MIT.EDU (Eli Brandt)
Tue Sep 14 21:03:07 1999
To: crypto list <cryptography@c2.net>
Date: Tue, 14 Sep 1999 20:21:57 -0400 (EDT)
From: Eli Brandt <eli@v.gp.cs.cmu.edu>
In-Reply-To: <m3yae96nve.fsf@soma.andreas.org> from "Andreas Bogk" at Sep 15, 99 00:04:53 am
Reply-To: eli+@cs.cmu.edu
Andreas Bogk wrote:
> The usual setup for DPA involves a 10 Ohm resistor which sits in the
> power supply and measuring the voltage across that resistor. The
> countermeasure we're talking about is an on-chip capacitor that
> smoothes the power consumption, [...]
Has this been analyzed? It's got to take the high-freqency
information the attacker's looking for so far below the thermal noise
floor that it can't recovered by averaging multiple runs. I do DSP,
not EE, but I'd think this smoothing capacitor would effect a one-pole
lowpass filter.
If so, doubling the cap size halves the cutoff frequency (right?),
halving the leaked power. Integrating runs gives signal voltage
linear in n and noise voltage sqrt(n); voltage ratio is sqrt; power
ratio is linear. So leaked-signal power is
Theta( (attacker's number of runs) / (capacitor size) ).
No asymptotic edge either way; attacker wins against bounded cap size.
</handwave>
--
Eli Brandt | eli+@cs.cmu.edu | http://www.cs.cmu.edu/~eli/
