by Yee Wei Law - Wednesday, 26 April 2023, 9:49 AM
Kocher et al. [KJJ99] pioneered the method of differential power analysis (DPA).
A power trace is a set of power consumption measurements taken over a cryptographic operation; see Fig. 1 for an example.
Fig. 1: A sample power trace of a DES encryption [KJJ99, Figure 1], which is clearly indicative of the 16 rounds of the Feistel structure.
Let us define simple power analysis (SPA) before we get into DPA. SPA is the interpretation of direct power consumption measurements of cryptographic operations like Fig. 1.
Watch a demonstration of SPA:
Most hard-wired hardware implementations of symmetric cryptographic algorithms have sufficiently small power consumption variations that SPA cannot reveal any key bit.
Unlike SPA, DPA is the interpretation of the difference between two sets of power traces.
More precisely, this difference is defined as
where
is the number of traces;
is the time index;
is the selection function which for the DES (see Figs. 2-3) is defined as the value of bit () of the DES intermediate (see input to block E in Fig. 3) at the beginning of the 16th round for ciphertext when is the 6-bit subkey entering the S-box corresponding to bit ;
is the th power trace (vector of power values).
Note each trace is associated with a different ciphertext.
Fig. 2: The Feistel structure of DES, where F denotes the Feistel function (see Fig. 3).
Fig. 3: The Feistel function of DES, where E denotes the expansion permutation that expands a 32-bit input to 48 bits.
During decryption of , denotes the half block (32 bits).
If bit enters S-box S1, then is the 6-bit subkey that enters S-box S1.
⚠ DPA was originally devised for DES but it can be adapted to other cryptographic algorithms.
DPA uses power consumption measurements to determine whether a key block guess is correct.
There are only possible values of .
When the attacker’s guess of is incorrect, the attacker’s value of differs from the actual target bit for about half of the ciphertexts ; equivalently, the selection function is uncorrelated to what was actually computed by the target device, i.e., .
When the attacker’s guess of is correct, is correlated to the value of the bit manipulated in the 16th round, i.e.,
approaches the effect of the target bit on the power consumption as , where is the time index corresponding to when is involved in computation;
approaches zero for all the times when is not involved in computation.
Fig. 4 shows four sample power traces (1 simple, 3 differential).
Fig. 4: From top to bottom: a simple power trace, a differential trace with a spike indicating correct guess, two differential traces for incorrect guesses [KJJ99, Figure 4]. for the differential traces.
References
[KJJ99]
P. Kocher, J. Jaffe, and B. Jun, Differential power analysis, in Advances in Cryptology — CRYPTO’ 99 (M. Wiener, ed.), Springer Berlin Heidelberg, Berlin, Heidelberg, 1999, pp. 388–397. https://doi.org/10.1007/3-540-48405-1_25.
![\Delta_m[j] \triangleq \dfrac{\sum_{i=1}^m D(C_i,b,K_s)\vec{T}_i[j]}{\sum_{i=1}^m D(C_i,b,K_s)} - \dfrac{\sum_{i=1}^m [1-D(C_i,b,K_s)]\vec{T}_i[j]}{\sum_{i=1}^m [1-D(C_i,b,K_s)]},](https://lo.unisa.edu.au/filter/tex/pix.php/736d69d9fa8f066a9f809190f7c44753.gif "\Delta_m[j] \triangleq \dfrac{\sum_{i=1}^m D(C_i,b,K_s)\vec{T}_i[j]}{\sum_{i=1}^m D(C_i,b,K_s)} - \dfrac{\sum_{i=1}^m [1-D(C_i,b,K_s)]\vec{T}_i[j]}{\sum_{i=1}^m [1-D(C_i,b,K_s)]},")
![\vec{T}_i[j]](https://lo.unisa.edu.au/filter/tex/pix.php/61549829655dfd88a160b951b80f1094.gif "\vec{T}_i[j]")
![\lim_{m\to\infty}\Delta_m[j] = 0](https://lo.unisa.edu.au/filter/tex/pix.php/c2639ccee60018577e6b520bb06d4b71.gif "\lim_{m\to\infty}\Delta_m[j] = 0")
![\Delta_m[j_b]](https://lo.unisa.edu.au/filter/tex/pix.php/a926c5e378adc9c88eaffff156066c43.gif "\Delta_m[j_b]")
![\Delta_m[j]](https://lo.unisa.edu.au/filter/tex/pix.php/e2e2264203d8da66fd902df063843c28.gif "\Delta_m[j]")
