Leakage Power Analysis Attacks: A Novel Class of Attacks to Nanometer Cryptographic Circuits

In this paper, a novel class of power analysis attacks to cryptographic circuits is presented. These attacks aim at recovering the secret key of a cryptographic core from measurements of its static (leakage) power. These attacks exploit the dependence of the leakage current of CMOS integrated circuits on their inputs (including the secret key of the cryptographic algorithm that they implement), as opposite to traditional power analysis attacks that are focused on the dynamic power. For this reason, this novel class of attacks is named "Leakage Power Analysis" (LPA). Since the leakage power increases much faster than the dynamic power at each new technology generation, LPA attacks are a serious threat to the information security of cryptographic circuits in sub-100-nm technologies. For the first time in the literature, a well-defined procedure to perform LPA attacks that is based on a solid theoretical background is presented. Advantages and measurement issues are also analyzed in comparison with traditional power analysis attacks based on dynamic power measurements. Examples are provided for various circuits, and an experimental attack to a register is performed for the first time. An analytical model of the LPA attack result is also provided to better understand the effectiveness of this technique. The impact of technology scaling is explicitly addressed by means of a simple analytical model and Monte Carlo simulations. Simulations on a 65- and 90-nm technology and experimental results are presented to justify the assumptions and validate the leakage power models that are adopted.