SPA/DPA
Security: Simple/Differential Power Analysis -- side-channel attacks that analyze power consumption patterns to extract cryptographic keys.
Simple Power Analysis (SPA) and Differential Power Analysis (DPA) are side-channel attacks that extract secret cryptographic keys by analyzing the power consumption patterns of a smart card chip during cryptographic operations. First published by Paul Kocher in 1999, these techniques revolutionized the understanding of physical security in embedded devices and directly shaped modern smart card chip design.
Simple Power Analysis (SPA)
SPA involves directly observing the power consumption trace of a single cryptographic operation. Because different instructions (multiply vs. square in RSA, branch vs. no-branch in DES) consume measurably different amounts of power, an attacker can visually identify which operation the processor is executing at each clock cycle.
For example, in a naive RSA implementation, a "square" operation has a distinct power signature from a "multiply" operation. By reading the sequence of squares and multiplies from one power trace, the attacker can reconstruct the private exponent bit by bit.
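The square/multiply leak described above can be modeled without any measurement hardware by recording the operation sequence an SPA observer would read off a trace. The following is an added example, not code from the original page: it places the leaky square-and-multiply loop beside a Montgomery ladder, a standard hardened form that this page does not itself name. Function names and the toy RSA parameters are constructed for illustration.

```python
# Added illustration: operation sequences as an SPA observer would see them.
# "S" = modular square, "M" = modular multiply. All names are hypothetical.
# This models the operation order only; Python integers are not constant-time.

def naive_modexp(m, d, n):
    """Left-to-right square-and-multiply: multiplies only on 1-bits (leaky)."""
    result, ops = 1, []
    for bit in bin(d)[2:]:
        result = (result * result) % n
        ops.append("S")
        if bit == "1":                    # key-dependent extra operation
            result = (result * m) % n
            ops.append("M")
    return result, "".join(ops)

def exponent_from_ops(ops):
    """What the leak amounts to: 'SM' encodes a 1-bit, a lone 'S' a 0-bit."""
    bits, i = [], 0
    while i < len(ops):
        if ops[i:i + 2] == "SM":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)

def ladder_modexp(m, d, n):
    """Montgomery ladder: one multiply and one square per bit, whatever the bit."""
    r0, r1, ops = 1, m % n, []
    for bit in bin(d)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % n, (r1 * r1) % n
        else:
            r1, r0 = (r0 * r1) % n, (r0 * r0) % n
        ops.append("MS")                  # same sequence for 0-bits and 1-bits
    return r0, "".join(ops)

if __name__ == "__main__":
    n, m, d = 3233, 65, 2753              # constructed toy values (n = 61 * 53)
    value, ops = naive_modexp(m, d, n)
    print("naive ops :", ops, "-> exponent", exponent_from_ops(ops))
    value, ops = ladder_modexp(m, d, n)
    print("ladder ops:", ops, "(depends only on the exponent's bit length)")
```

A real ladder implementation must also select its operands without a secret-dependent branch or memory address, which this model does not capture.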
Differential Power Analysis (DPA)
DPA is a statistical technique that overcomes noise and measurement limitations by collecting thousands of power traces across multiple operations with different inputs. The attacker formulates hypotheses about key bits, predicts the intermediate computation values, and correlates predicted values with observed power consumption using statistical tests (difference of means, correlation coefficient, or mutual information).
DPA is more powerful than SPA because:
- It works even when individual traces are too noisy to interpret visually
- It can extract keys from implementations with basic SPA countermeasures
- It scales to any symmetric or asymmetric algorithm (AES, 3DES, ECC)
Countermeasures in Modern Smart Cards
Smart card chip manufacturers implement multiple layers of DPA countermeasures:
| Countermeasure | Technique |
|---|---|
| Random delays | Insert random NOP cycles to desynchronize traces |
| Masking (Boolean/arithmetic) | Randomize intermediate values with per-execution masks |
| Dual-rail logic | Constant-power circuit design where every gate switches equally |
| Noise generators | On-chip random current sources to obscure signal |
| Shuffling | Randomize the order of sub-operations (e.g., AES S-box lookups) |
| Crypto coprocessor | Dedicated hardware with built-in DPA resistance |
These countermeasures are mandatory for Common Criteria certification — EAL 4+ and above requires demonstrated resistance to DPA in the JIL vulnerability assessment.