Energy Analysis Attack _ energy trace bit leak and entire byte leak comparison

In an energy analysis attack, you can choose to attack an entire byte or a single bit.

However, in the chip is usually in the form of a byte operation and storage, so even if the attack target is a single bit, the operation unit involved will still be byte. In this way, the other 7 bits in a byte are converted noise because the 7 bits also participate in the operation and appear in the captured energy trace. We refer to this conversion noise as P (sw.noise), the Useful information part P (exp), the operation consumes energy P (OP), and the energy p (data) generated by the result is:

P (OP) +p (data) =P (exp) +p (sw.noise)

For the entire energy trace, the total energy consumption

P (total) =p (exp) +p (sw.noise) +p (const), where P (el.noise) is the electronic noise, which is the noise generated by the electronic device at work, the P (const) is the fixed amount of energy consumed in the work.

Then the signal-to-noise ratio of this process, measured by variance, is expressed as:

Snr=var (signal)/var (noise) = var (p (exp))/VAR (p (sw.noise) +p (el.noise))

The higher the signal-to-noise ratio, the more leakage of the information of the energy trace, and the more suitable for the analysis behind it.

VAR (p (sw.noise)) is approximately 7 times times the Var (p (exp)) because the conversion noise includes 7bit and the information target point 1bit. So the signal-to-noise ratio of the single-point energy leak is much lower than the single-byte energy leak. This results in a more accurate analysis using the entire byte unit.

Reference:

Mangard, Stefan, Elisabeth oswald,and Thomas Popp. poweranalysis attacks:revealing The secrets of the smart cards. Vol. 31. springer,2008.

Energy Analysis Attack _ energy trace bit leak and entire byte leak comparison