Home Computer Science Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment

# Practical Session: Differential Power Analysis for Beginners

Jin Bucek, Martin Novotny and Filip Stepanek

## Introduction

Differential Power Analysis (DPA) is a powerful method for breaking the cryptographic system. The method does not attack the cipher, but the physical implementation of the cryptographic system. Therefore, even systems using modern strong ciphers like AES are vulnerable to such attacks, if proper countermeasures are not applied.

The DPA method uses the fact that every electronic system has a power consumption. If you measure the power consumption of digital system, you will probably see the power trace like in Fig. 4.1 with its peaks on rising and falling edges of clock. If the digital system runs an encryption and if you run this encryption several times using various input data, you may notice slight variations in power traces, as shown in Fig. 4.1. These variations are caused by many factors (varying temperature, etc.), but one of them are varying processed (inner) data. DPA utilizes the fact that power consumption depends on processed data (e.g., number of ones and zeros in processed byte) to break the cryptographic system.

To demonstrate the power of power analysis we prepared this tutorial for you. Before we start, please, download all necessary materials from the web. You will find the compressed archive at the address http://users.flt.cvut.cz/~novotnym/DPA. zip (the file has about 250 MB). Uncompressed materials can be found also at address http://users.flt.cvut.cz/~novotnym/DPA, which might be useful if you have problems

J. Bucek • M. Novotny (B) • F. Stepanek

Faculty of Information Technology, Czech Technical University in Prague, Praha, Prague, Czech Republic

e-mail: This email address is being protected from spam bots, you need Javascript enabled to view it ; This email address is being protected from spam bots, you need Javascript enabled to view it J. Bucek

e-mail: This email address is being protected from spam bots, you need Javascript enabled to view it F. Stepanek

e-mail: This email address is being protected from spam bots, you need Javascript enabled to view it

© Springer International Publishing Switzerland 2017 N. Sklavos et al. (eds.), Hardware Security and Trust, DOI 10.1007/978-3-319-44318-8_4

Fig. 4.1 The figure shows 500 power traces in the same time interval of 200 samples. Each power trace is run for unique input data, power traces are overlapped. Variations in power traces are caused by variations in processed data

to download the whole archive. The compressed archive contains two folders. In folder Analysis you will find files used in Sect.4.2. Files used in Sect.4.3 are available in folder Measurement.

You do not need to perform any measurement with an oscilloscope, as we have done these measurements for you. In folder Analysis you will find two sets of measurements, one set for a known key 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff, and one set for an unknow key. These sets will be used in Sect.4.2. You are also provided with sample codes in MATLAB that you can use in your program/script.

However, if you are equipped with an osciloscope (e.g., PicoScope), you can make your own measurement. Several advices you will find in Sect. 4.3.

Found a mistake? Please highlight the word and press Shift + Enter

Subjects