What are side-channel attacks, and how can power consumption reveal a secret key?
Side-channel attacks extract secret information by observing physical characteristics of a device — such as power consumption, timing, electromagnetic emissions, or even LED blinking patterns — rather than attacking the algorithm mathematically.
* Simple Power Analysis: a multiply-and-square draws more power than a square alone, so RSA exponent bits show directly in the trace. *
Simple Power Analysis (SPA) on RSA:
- RSA uses repeated squaring and multiplying to compute $y = x^e \mod N$
- For each bit of the key: a "1" requires both a multiplication AND a squaring; a "0" requires only a squaring
- These operations consume different amounts of electrical power
- By measuring the power trace on an oscilloscope, the attacker can literally read the key bit by bit
Example: The power trace shows a clear pattern — tall peaks (multiply + square) for "1" bits, short peaks (square only) for "0" bits. The test key F0 00 81 0F FF A5 is directly visible in the power trace.
Modern side channels:
- Video-Based Cryptanalysis (2023): Researchers extracted secret keys from non-compromised devices by filming the power LED with a commercial video camera — different computations cause different LED brightness
- Timing attacks: Different keys cause different execution times
- Electromagnetic emissions: EM radiation leaks key-dependent information
Countermeasures: Constant-time implementations, power consumption masking, EM shielding — but side channels remain one of the most practical attack vectors against real hardware.
Go deeper:
Side-channel attack (Wikipedia) — the family of physical-leak attacks.
Power analysis (Wikipedia) — SPA and DPA, including reading RSA bits from a trace.
Video-Based Cryptanalysis (Nassi et al., 2023) — recovering keys by filming a device's power LED with a commercial camera.