Side-channel attacks based on linear approximations

Power analysis attacks against embedded secret key cryptosystems are widely studied since the seminal paper of Paul C. Kocher, Joshua Jaffe and Benjamin Jun in 1998 where has been introduced the powerful Differential Power Analysis. The strength of DPA is such that it became necessary to develop sound and efficient countermeasures. Nowadays embedded cryptographic primitives usually integrate one or several of these countermeasures (e.g. masking techniques, asynchronous designs, balanced dynamic dual-rail gates designs, noise adding, power consumption smoothing, etc. ...). This document presents new power analysis attacks based on linear approximations of the target cipher. This new type of attacks have several advantages compared to classical DPA-like attacks: first they can use multiple intermediate values by query (i.e. power trace) allowing to reduce data complexity to a minimum, secondly they can be applied on parts of the symmetric cipher that are practically unreachable by DPA-like attacks and finally they can be mounted on an unknown cipher implementation.