Paper 2009/449

One for All - All for One: Unifying Standard DPA Attacks

Stefan Mangard, Elisabeth Oswald, and Francois-Xavier Standaert


In this paper, we examine the relationship between and the efficiency of different approaches to standard (univariate) DPA attacks. We first show that, when feeded with the same assumptions about the target device (i.e. with the same leakage model), the most popular approaches such as using a distance-of-means test, correlation analysis, and Bayes attacks are essentially equivalent in this setting. Differences observed in practice are not due to differences in the statistical tests but due to statistical artifacts. Then, we establish a link between the correlation coefficient and the conditional entropy in side-channel attacks. In a first-order attack scenario, this relationship allows linking currently used metrics to evaluate standard DPA attacks (such as the number of power traces needed to perform a key recovery) with an information theoretic metric (the mutual information). Our results show that in the practical scenario defined formally in this paper, both measures are equally suitable to compare devices in respect to their susceptibility to DPA attacks. Together with observations regarding key and algorithm independence we consequently extend theoretical strategies for the sound evaluation of leaking devices towards the practice of side-channel attacks.

Available format(s)
Publication info
Published elsewhere. To appear in IET Information Security
side-channel attacks
Contact author(s)
fstandae @ uclouvain be
2011-01-03: last of 3 revisions
2009-09-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Stefan Mangard and Elisabeth Oswald and Francois-Xavier Standaert},
      title = {One for All - All for One: Unifying Standard DPA Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2009/449},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.