Side-channel attacks from static power: When should we care?

Static power consumption is an increasingly important concern when designing circuits in deep submicron technologies. Besides its impact for low-power implementations, recent research has investigated whether it could lead to exploitable side-channel leakages. Both simulated analyses and measurements from FPGA devices have confirmed that such a static signal can indeed lead to successful key recoveries. In this respect, the main remaining question is whether it can become the target of choice for actual adversaries, especially since it has smaller amplitude than its dynamic counterpart. In this paper, we answer this question based on actual measurements taken from an AES S-box prototype chip implemented in a 65-nanometer CMOS technology. For this purpose, we first provide a fair comparison of the static and dynamic leakages in a univariate setting, based on worst-case information theoretic analysis. This comparison confirms that the static signal is significantly less informative than the dynamic one. Next, we extend our evaluations to a multivariate setting. In this case, we observe that simple averaging strategies can be used to reduce the noise in static leakage traces. As a result, we mainly conclude that (a) if the target chip is working at maximum clock frequency (which prevents the previously mentioned averaging), the static leakage signal remains substantially smaller than the dynamic one, so has limited impact, and (b) if the adversary can reduce the clock frequency, the noise of the static leakage traces can be reduced arbitrarily. Whether the static signal leads to more informative leakages than the dynamic one then depends on the quality of the measurements (as the former one has very small amplitude). But it anyway raises a warning flag for the implementation of algorithmic countermeasures such as masking, that require high noise levels.