Side-Channel Power Analysis Series - Part 2 of 7
| Part | Title | Status |
|---|---|---|
| 1 | The Gap Between Mathematical Security and Physical Reality | |
| 2 - You are here | Why Does Power Consumption Leak Secrets? | |
| 3 | AES - Understanding What We Are Attacking | |
| 4 | SPA, DPA and CPA - The Attack Ladder | |
| 5 | Hardware Setup and First Connection - Let’s Actually Do This | |
| 6 | Compiling Firmware, Setting Up Capture and Getting Your First Real Power Trace | |
| 7 | I Stole an AES Key by Watching a Chip’s Power Consumption | |
← Previous: Part 1: The Gap Between Mathematical Security and Physical Reality | Next → Part 3: AES - Understanding What We Are Attacking
Part of the Side-Channel Power Analysis Series - IoTSec.in
Before We Start
If you landed here without reading Blog 1, go read it first. Seriously. This series builds on itself and if you skip the foundation, this post will feel like jumping into the middle of a movie.
If you have read it, welcome back.
In Blog 1, we learned that mathematical security and physical security are two completely different things. A chip can run an algorithm that is mathematically unbreakable. But the chip still has to physically do the work. And while it does that work, it leaks information through the side door: power consumption, timing, electromagnetic radiation.
Today we are going to answer one very specific question.
Why does power consumption leak information?
Not in a hand-wavy way. In a real, from-the-ground-up way.
I am going to be honest with you: when I first started learning this, I was extremely confused. I kept asking questions like “where is the data, like physically where is it?” and “who is moving the one?” and “what the heck is voltage even?”
If those questions sound familiar this blog is written for you.
What I Found Confusing (And Now Don’t) - Part 1
The biggest confusion I had: I thought voltage, current, data, and electrons were all different things fighting each other inside the wire.
I imagined something like:
Wire: [voltage] [current] [data = 1] [electron] [electron] -- all crammed in together
And I kept asking: if data is travelling, and voltage is travelling, and current is also there, who is doing what? Who is in charge?
The answer completely fixed my confusion.
They are not four separate things. Let me break it down properly.
Concept 1: The Wire Already Has Electrons
Take any copper wire. Before you connect it to anything. Before any power source. Just a plain wire sitting on your desk.
That wire already has electrons inside it. Everywhere. Evenly spread.
Wire: e- e- e- e- e- e- e- e- e- e-
(electrons sitting there doing nothing)
They are just sitting there. Waiting. Not moving. Not doing anything useful.
Now the question is — what makes them move?
Concept 2: Voltage Is Not a Thing. It Is a Difference.
This is the one that fixed everything for me.
Voltage is not a physical object that travels down a wire. Voltage is a difference in pressure between two points.
Think of two water tanks connected by a pipe.
[FULL TANK] ----pipe---- [EMPTY TANK]
(high pressure) (low pressure)
The full tank has more water. More pressure. The empty tank has less. Because of that difference in pressure, water flows from the full side to the empty side.
Now what if both tanks are equally full?
[FULL TANK] ----pipe---- [FULL TANK]
(same pressure) (same pressure)
Nothing flows. No movement. Everything is equal so there is no reason for anything to go anywhere.
Voltage works exactly the same way.
One end of the wire has more “electrical pressure.” The other end has less. That difference is voltage. And because of that difference the electrons that are already sitting in the wire start moving toward the higher pressure end.
That movement of electrons is called current.
Voltage = the pressure DIFFERENCE (the cause)
Current = electrons MOVING because of that difference (the result)
Voltage does not travel. Voltage exists between two points. Current is what happens because voltage exists.
Concept 3: Data Is Not a Physical Thing Travelling in the Wire
Okay. This is the one that made me say “oh my god” when it finally clicked.
I kept asking: if I send a 1, where is the 1 physically? Is it riding on the electron? Is it in the current? Where IS it?
The answer: the 1 is not physically anywhere. It is just a label we agreed on.
Here is what actually happens:
Voltage HIGH at a transistor right now = we call that a 1
Voltage LOW at a transistor right now = we call that a 0
That is the entire agreement. Nothing more.
The chip does not send little packets labelled “1” down a wire. The chip just switches transistors high and low. And we, as humans, agreed to read HIGH as 1 and LOW as 0.
Think of Morse code.
Short beep = dot
Long beep = dash
The sound waves do not know they are carrying a message. They are just sound waves. The meaning exists only because humans agreed on a pattern.
Same with your chip. The voltage does not know it is representing a secret key. It is just voltage going high and low. The meaning is in the pattern.
So data is not a separate thing from voltage. Data IS the pattern of voltages over time.
Time: 1 2 3 4 5 6 7 8
Voltage: H L H H L L H L
Data: 1 0 1 1 0 0 1 0
No third thing. No separate “data” object. The pattern of highs and lows IS the data.
Concept 4: A Transistor Is a Switch
Now we know what voltage is. Now we know what data is. Let’s talk about transistors.
A transistor is a switch. That is all it is.
You have a light switch on your wall. You flip it up, the light turns on. Flip it down, the light turns off. A transistor does the same thing, except instead of your finger flipping it, a voltage signal flips it.
High voltage arrives at transistor = switch flips ON = represents 1
Low voltage arrives at transistor = switch flips OFF = represents 0
A modern processor has billions of these switches. Every single computation your chip does is just billions of these tiny switches flipping on and off, incredibly fast.
Concept 5: How Does the Chip Know When to Read?
Okay. Here is a question I had and maybe you have it too.
If voltage is going HIGH and LOW all the time, how does the chip know when to read it? Does it accidentally read a zero that was not meant to be there?
The answer: the clock signal.
Every chip has a heartbeat. It is called the clock. The chip only reads the state of its transistors at each clock tick. Not continuously. Not between ticks. Only at the exact moment of each tick.
CLOCK: tick tick tick tick tick
| | | | |
CHIP: read read read read read
1 0 1 1 0
Between ticks? The chip does not care. It is not reading anything. It is just waiting for the next tick.
Think of a camera taking photos once per second. Whatever is in front of the lens at that exact moment, that is the photo. What happens between clicks is ignored completely.
The clock is how the chip makes sense of the stream of highs and lows. It gives everything a precise timing.
Concept 6: Switching Costs Energy
This is where everything starts connecting to power analysis.
You have a light switch. It is off. You flip it on. That flip took effort: energy from your hand.
Now imagine doing that a billion times per second. That takes a LOT of energy.
A transistor is the same. Every time it flips from OFF to ON or from ON to OFF — it costs a tiny amount of energy.
Why? Because of a component called a capacitor.
The Capacitor - Your Router Story
You probably have experienced this without realising it.
Power goes out in your house. Your router stays on for another second or two before shutting down.
That is a capacitor releasing stored energy. A capacitor is basically a tiny bucket that stores electrical energy. It charges up when power is flowing, and it can release that stored energy for a brief moment when the power disappears.
CHARGING: energy going INTO the capacitor = current flowing in
DISCHARGING: energy coming OUT of the capacitor = current flowing out
Think of it like a balloon.
You blow air into balloon = charging
Balloon releases air = discharging
The balloon does not need you to release. It releases on its own when you let go.
Back to the Transistor
Inside your chip, every transistor has a tiny capacitor attached to it.
When the transistor switches from 0 to 1, that capacitor needs to charge up. Charging requires current to flow. Current flowing means energy is being consumed.
When the transistor switches from 1 to 0, that capacitor discharges. Current flows again. Energy is consumed again.
Transistor: 0 --> 1 = capacitor CHARGES = current flows IN = energy consumed
Transistor: 1 --> 0 = capacitor DISCHARGES = current flows OUT = energy consumed
Transistor: 0 stays 0 = nothing changes = no current = no energy
Transistor: 1 stays 1 = nothing changes = no current = no energy
The key word is transition. Current only flows during the transition. Not during staying.
Power is consumed when transistors switch. Not when they sit still.
Concept 7: The Hamming Weight Model - This Is Where It Gets Wild
Now we know that switching costs energy. Let’s put that together with data.
I have two 8-bit numbers. The chip needs to process both of them.
Number A: 1 1 1 1 1 1 1 1 (eight ones)
Number B: 0 0 0 0 0 0 0 1 (one one, seven zeros)
For Number A, starting from all zeros, how many transistors need to switch to HIGH?
Eight. All of them. Eight capacitors charging up. A lot of current flowing. A lot of energy consumed.
For Number B, again starting from all zeros, how many transistors need to switch to HIGH?
One. Just one. One capacitor charging up. Very little current. Very little energy.
Number A = 8 transistors switching = 8 capacitors charging = MORE power consumed
Number B = 1 transistor switching = 1 capacitor charging = LESS power consumed
Different data = different number of transistors switching = different power consumption.
This relationship has a name. It is called the Hamming Weight model.
Hamming Weight is just a fancy term for: count the number of 1s in your data.
11111111 --> Hamming Weight = 8 --> HIGH power consumption
00000001 --> Hamming Weight = 1 --> LOW power consumption
10110100 --> Hamming Weight = 4 --> MEDIUM power consumption
More 1s = more switching = more power consumed.
Fewer 1s = less switching = less power consumed.
The data being processed directly determines how much power the chip uses.
Concept 8: The Power Trace - What We Actually Measure
Now we know that different data causes different power consumption. But how do we actually measure this from outside the chip?
A researcher puts a tiny sensor in the circuit between the chip and its power supply. This sensor measures the tiny fluctuations in current as the chip works.
Power supply
|
[sensor] <--- measures current here
|
[chip]
|
Ground
Every time transistors switch, current fluctuates, and the sensor picks it up.
The sensor takes thousands of measurements per second. Each measurement is one tiny number. All those numbers together, plotted on a graph over time, are called a power trace.
Power
|
| ** **
| * * * * *
| * * * * * *
| * * * * * * *
|__________________________ Time
^ spike here = lots of transistors switching = data with many 1s
^ small bump = few transistors switching = data with few 1s
Each spike in the trace corresponds to the chip doing something. Processing an instruction. Loading a value. Running a calculation.
The HEIGHT of the spike tells you roughly how many 1s were in the data being processed at that moment.
What I Found Confusing (And Now Don’t) - Part 2
I kept asking: but how does measuring power tell you the actual secret value?
Here is the answer in plain language.
Imagine the chip is running an encryption algorithm. At one specific moment, it is processing your secret key, let’s say one byte of it.
An attacker is watching the power trace. They see a spike at that moment.
The spike is big. That means lots of transistors switched. That means the byte being processed had a high Hamming Weight, that is, lots of 1s.
The attacker now knows: whatever that byte is, it probably looks like 11110000 or 11001110 or something with many 1s. That eliminates a huge chunk of possibilities.
They do this for every byte of the key. Each power measurement gives them a clue. Eventually they piece together what the key must be, without ever touching the algorithm, without breaking any math.
Attacker sees BIG spike --> "that byte has lots of 1s"
Attacker sees SMALL spike --> "that byte has few 1s"
Attacker sees MEDIUM spike --> "somewhere in between"
Repeat for every byte of the secret key.
Cross-reference with known data patterns.
Narrow down possibilities until you have the key.
They are solving a puzzle from outside the box. Not reading the answer directly. Deducing it from how the box physically behaves.
This is power analysis. And it works.
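To make Concepts 6 and 7 and the "narrowing down possibilities" reasoning above concrete, here is a small Python model written for this post (it is not code from the series or from any capture tool). It assumes a linear leakage model where each trace sample is gain × Hamming Weight plus noise; the gain, noise level and sample bytes are constructed values.

```python
"""Toy model of the Hamming Weight leakage described in this post.
Constructed example: leakage gain, noise level and the sample bytes are made up."""
import random
from typing import List


def hamming_weight(value: int) -> int:
    """Number of 1 bits in value (Concept 7)."""
    return bin(value).count("1")


def transitions(before: int, after: int) -> int:
    """Number of bit positions that flip between two consecutive values.
    Concept 6: only flips draw current. When 'before' is all zeros this equals
    hamming_weight(after), which is the assumption behind counting 1s."""
    return hamming_weight(before ^ after)


def simulate_trace(values: List[int], gain: float = 1.0,
                   noise_sigma: float = 0.0, seed: int = 0) -> List[float]:
    """One trace sample per processed byte: gain * HW + Gaussian noise.
    Assumed linear leakage model; real traces are far noisier than this."""
    rng = random.Random(seed)
    return [gain * hamming_weight(v) + rng.gauss(0.0, noise_sigma) for v in values]


def estimate_weight(sample: float, gain: float = 1.0) -> int:
    """What a spike height reveals on this model: the HW class, clamped to 0..8."""
    return max(0, min(8, round(sample / gain)))


def candidates_with_weight(hw: int) -> int:
    """How many of the 256 byte values share this Hamming Weight, i.e. what is
    left after the spike has 'eliminated a huge chunk of possibilities'."""
    return sum(1 for b in range(256) if hamming_weight(b) == hw)


if __name__ == "__main__":
    key_bytes = [0b11111111, 0b00000001, 0b10110100]  # constructed sample data
    trace = simulate_trace(key_bytes, gain=2.0, noise_sigma=0.3, seed=1)
    for b, s in zip(key_bytes, trace):
        hw = estimate_weight(s, gain=2.0)
        print(f"{b:08b}  sample={s:5.2f}  HW~{hw}  candidates left={candidates_with_weight(hw)}")
```

Note that a Hamming Weight of 8 leaves exactly one candidate byte while a weight of 4 still leaves 70, which is why a single spike narrows the search but rarely pins a byte down on its own.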
The Full Picture - How It All Connects
Let me put everything we learned into one clean diagram.
SECRET DATA (e.g. encryption key byte: 11110001)
|
v
TRANSISTORS switch HIGH or LOW based on data
|
v
CAPACITORS charge and discharge during each switch
|
v
CURRENT flows in and out of chip during switching
|
v
POWER CONSUMPTION fluctuates based on how many 1s in data
|
v
SENSOR measures those fluctuations
|
v
POWER TRACE = graph of consumption over time
|
v
ATTACKER reads spike heights
|
v
ATTACKER deduces Hamming Weight of data at each moment
|
v
ATTACKER reconstructs secret key
The chip never wanted to reveal anything. The algorithm is mathematically secure. But the physics of how transistors work, charging capacitors and consuming current, creates an involuntary signal. A side channel. And that signal leaks the secret.
What We Learned - Glossary
Transistor - A tiny switch inside a chip. Voltage HIGH = switch ON = 1. Voltage LOW = switch OFF = 0. Modern chips have billions of them.
Voltage - Not a thing that travels. A difference in electrical pressure between two points. Voltage is the cause. Current is the result.
Current - The movement of electrons through a wire. Happens because voltage pushes them. Current is what we measure to detect power consumption.
Capacitor - A tiny energy storage component. Think of it as a balloon that fills up and empties. In a chip, every transistor has one. Switching charges or discharges the capacitor and causes current to flow.
Transition - The moment a transistor switches state. This is the ONLY moment power is consumed. Staying at 0 or staying at 1 uses no power. Switching does.
Dynamic Power Consumption - The power consumed during transistor switching. Proportional to how many transistors switch at once. This is the type of power that leaks information.
Hamming Weight - The count of 1s in a binary value. 11110000 has Hamming Weight 4. 11111111 has Hamming Weight 8. Higher Hamming Weight = more transistors switch = more power consumed.
Power Trace - A graph of power consumption over time, captured while a chip is doing computation. Each spike corresponds to transistors switching. The height of spikes reflects the Hamming Weight of the data being processed.
Leakage Model - The mathematical model that describes how data relates to power. The Hamming Weight model is the most common: power consumed ≈ number of 1s in the data.
What Just Happened
We just connected transistors → capacitors → current → power traces → secrets.
You now understand WHY power consumption leaks information. Not because someone designed it badly. Not because there is a bug. But because the physics of how transistors work creates an unavoidable signal.
The chip does not want to leak anything. It just cannot help it. Every switch it makes costs energy. And that energy cost depends on the data. And we can measure energy from outside.
That is the side channel.
What Is Coming in Blog 3
We have been talking about power analysis in general. But we need a real target to attack.
In Blog 3, we are going to look at AES, the Advanced Encryption Standard. It is one of the most widely used encryption algorithms in the world. It is on your phone, your laptop, your bank card.
Mathematically, AES is extremely strong. But physically, every time AES runs on a chip, it leaks power. And that power has a very specific, very exploitable relationship with the secret key.
Before we can attack it, we need to understand what it actually does. What are the steps? What operations does it perform? What does it look like from the inside?
That is exactly what Blog 3 is about.
See you there.