Power analysis

SPA and DPA were introduced to the open cryptography community in 1998 by Paul Kocher, Joshua Jaffe and Benjamin Jun.

[1][better source needed] In cryptography, a side channel attack is used to extract secret data from some secure device (such as a smart card, tamper-resistant "black box", or integrated circuit).

Simple power analysis (SPA) is a side-channel attack which involves visual examination of graphs of the current used by a device over time.

Similarly, squaring and multiplication operations in RSA implementations can often be distinguished, enabling an adversary to compute the secret key.

The attack exploits biases varying power consumption of microprocessors or other hardware while performing operations using secret keys.

DPA attacks have signal processing and error correction properties which can extract secrets from measurements which contain too much noise to be analyzed using simple power analysis.

Using DPA, an adversary can obtain secret keys by analyzing power consumption measurements from multiple cryptographic operations performed by a vulnerable smart card or other device.

Implementations of algorithms such as AES and triple DES that are believed to be mathematically strong may be trivially breakable using power analysis attacks.

For applications where devices may fall into the physical possession of an adversary, protection against power analysis is generally a major design requirement.

For this reason, care should be taken to ensure there are no secret values which affect the conditional branches within cryptographic software implementations.

A diagram of differential power analysis.
Observing RSA key bits using power analysis: The left peak shows the power consumption during the squaring-only step, the right (broader) peak shows the multiplication step, allowing exponent bits 0 and 1 to be distinguished.