>
curriculum/Electronic Measurements and Instrumentation
section 9 of 1812 min read

9. Oscilloscopes

The oscilloscope is the measurement tool you reach for first when something is wrong. It is also the central instrument in side-channel power analysis, fault injection observation, and any high-speed digital debug. We will spend significant time on it.

9.1 What a scope does

A scope plots voltage (vertical axis) against time (horizontal axis). The vertical axis is calibrated in volts/division; the horizontal in time/division. A "trigger" defines the time origin so repeated waveforms overlap on the screen.

9.2 The CRT analog scope

The original technology used a cathode ray tube (CRT). Inside an evacuated glass envelope: a heated cathode emits electrons; a grid (Wehnelt cylinder) controls beam intensity (the "Z-axis"); accelerating anodes shoot the beam toward a phosphor screen; two pairs of deflection plates steer the beam.

plaintext
                     Vertical
                     plates (Y)
                       │ │
   Cathode ─►  ───►───►─┤ ├─►───►───────► Phosphor
   (e- gun)              │ │        │ │     screen
                                    │ │
                              Horizontal
                              plates (X)

Voltage on the Y plates deflects the beam vertically; voltage on the X plates deflects horizontally. A horizontal sawtooth ramp sweeps the beam left-to-right; vertical input causes the trace to rise and fall as it sweeps, painting a waveform.

The phosphor (typically P31 green) glows briefly where the beam strikes. Persistence is set by phosphor chemistry: short for fast updates, long for low-rep-rate signals.

9.3 Vertical amplifier

The scope's input must:

  • Present high impedance so it doesn't load the circuit (typical 1 MΩ\Omega in parallel with 15-25 pF).
  • Have wide bandwidth (DC to MHz, GHz on high-end).
  • Provide selectable gain (typically 1 mV/div up to 10 V/div in a 1-2-5 sequence).
  • Cope with overdrive without latching up.
plaintext
   Input o──┬── 1 MΩ ──┬── ...
            │          │
          ─┴─ 15 pF    │
            │          ▼
            ⏚      [Input
                    attenuator]──[Pre-amp]──[Variable gain]──► to ADC/CRT

The 1 MΩ\Omega // ~20 pF input is a compromise. At DC, 1 MΩ\Omega is fairly light loading (a 10 kΩ\Omega source is barely affected). At high frequency, the 20 pF input capacitance becomes the dominant impedance: at 100 MHz, XC=80Ω|X_C| = 80\,\Omega, which absolutely loads any source. Hence the need for probes (next section), which present higher impedance.

A 50 Ω\Omega input mode is also offered on RF-oriented scopes; you connect the scope directly to a 50 Ω\Omega source through a matched cable, lowest distortion at high frequencies.

9.4 Horizontal time base

The horizontal sweep is generated by a bootstrap or Miller integrator circuit producing a linear voltage ramp. Speed selectable from say 1 ns/div to 1 s/div. The ramp drives the X-deflection plates on a CRT, or it indexes the digital memory in a DSO.

9.5 Triggering

Without a trigger, repetitive waveforms wouldn't overlap on screen and you'd see a smeared mess. A trigger is an event in the input (or external) signal that defines where time-zero is; the scope starts a sweep on each trigger event so identical events overlap.

Trigger types:

Edge trigger. The classic. Trigger when the signal crosses a threshold going positive (rising edge) or negative (falling edge). Set the threshold and the slope; the scope arms on the next opposite-direction crossing and fires on the next desired crossing.

Pulse-width trigger. Fire only on pulses whose width is greater-than, less-than, or within a range. Used for catching glitches or runt pulses: "show me any pulse shorter than 50 ns".

Video trigger. Sync to broadcast or composite video lines, fields, or frames. Used in TV repair and analog video work; mostly historical.

Serial protocol trigger. Trigger on a specific byte, address, or pattern in I2C, SPI, UART, CAN, USB, or other protocols. Modern Keysight, Tektronix, and Rohde scopes support this; very useful for digital debug ("show me when a write to address 0x40 happens").

9.6 Sweep modes: auto, normal, single

Auto sweep. Sweep on a trigger if one comes; otherwise sweep anyway after a timeout. Display shows something even if no trigger present. Good for daily debugging.

Normal sweep. Only sweep on a trigger. Display freezes if no trigger. Good for low-rep-rate signals you don't want to mix with auto-sweep traces.

Single. Wait for one trigger, capture, freeze. Good for one-shot events: a glitch, a startup transient, a fault event.

9.7 Delay line

In an analog scope, the trigger circuit needs time to recognize the event and start the sweep. Without compensation, by the time the sweep starts, the signal has already moved past the trigger point and the rising edge would be off the left of the screen. The fix: a delay line (a length of coax or a lumped LC delay line) in the vertical signal path, delaying the displayed signal long enough that the trigger event arrives at the screen at a position slightly to the right of the left edge.

Pre-trigger viewing (showing the signal before the trigger event) is automatic in a DSO because the digital memory is a circular buffer continuously overwritten; the trigger marks a position in memory and you can display data from before that position.

9.8 Sync and trigger source selection

Trigger sources: Channel 1, Channel 2, Channel 3/4 (on a 4-ch scope), External (a dedicated EXT TRIG input), Line (the AC mains, useful for syncing to 50/60 Hz hum). Pick the source that has the cleanest, most consistent feature relative to what you want to see.

9.9 Dual-trace alternate vs chop

A dual-trace scope shows two channels on one beam by time-multiplexing. Two modes:

Alternate. On each sweep, display Channel 1 only; on the next sweep, Channel 2. Good for high-rep-rate signals where successive sweeps are visually indistinguishable. Bad for low-rep-rate signals: the two channels' sweeps don't overlap in time.

Chop. During a single sweep, rapidly switch between channels (often at 250 kHz or so), painting a few dots of each. The eye blends the dots into two continuous traces. Good for low-rep-rate signals; bad for high-rep-rate because the chop frequency aliases with the input.

A modern DSO does this digitally (separate ADCs per channel) and never has to choose: both channels are always captured and displayed simultaneously.

9.10 Dual-beam scope

A true dual-beam scope has two separate electron beams in one CRT. The beams are deflected independently, so you can see two channels truly simultaneously, no time-multiplexing. Rare and expensive (Tektronix 555 was the classic). DSOs replaced them.

9.11 Sampling oscilloscope

For very fast signals (multi-GHz), you cannot Nyquist-sample in real time. A sampling scope uses equivalent-time sampling: trigger on a repeating signal, take one sample per repetition, but advance the sample point a small delta on each trigger. Over many triggers, you build up the waveform.

The Tektronix 11801 sampling scope and Keysight's high-end Infiniium DCA-X cover 50+ GHz this way. Limitation: requires a repeating signal. You cannot capture single-shot transients with equivalent-time sampling.

9.12 Storage scope: analog vs DSO

Analog storage CRT. A special phosphor or storage mesh that retains an image after the beam passes. Used for capturing single-shot transients in the pre-DSO era. Largely obsolete.

Digital storage oscilloscope (DSO). Now dominant. Sample the input, store in memory, display from memory.

rendering diagram...

Advantages of DSO: pre-trigger view, software measurements, protocol decode, FFT, deep memory, math channels, mask testing, USB/Ethernet for capture. Disadvantages over analog: at very low cost, the digitization quantization (8-bit ADC = 0.4% of full scale) shows; on rare signals the dead-time between captures can hide events.

9.13 Sample rate vs bandwidth

This is a famously misunderstood spec. Bandwidth is the analog −3 dB roll-off frequency. Sample rate is the ADC's clock. They're related but not identical.

For Nyquist-sampling, sample rate must be at least 2x bandwidth. In practice, scope vendors pick sample rates 4-10x the bandwidth to get clean sin(x)/x reconstruction: the higher the oversampling, the more accurately the displayed waveform represents the analog reality, especially for square waves and other rich signals. The Rigol DS1054Z is 50 MHz bandwidth at 1 GS/s (20x oversampled). The Tektronix MSO5 might be 1 GHz at 6.25 GS/s (6x oversampled).

A scope with bandwidth BWBW has a rise time approximately: trBW0.35t_r \cdot BW \approx 0.35

This is the bandwidth-rise time product for a single-pole system (a Gaussian-like response). Derivation: a single-pole low-pass filter H(s)=1/(1+s/ω0)H(s) = 1/(1+s/\omega_0) has step response 1eω0t1 - e^{-\omega_0 t}. The 10-90% rise time is: tr=ln9ω0=2.1972πf3dB0.35f3dBt_r = \frac{\ln 9}{\omega_0} = \frac{2.197}{2\pi \cdot f_{3dB}} \approx \frac{0.35}{f_{3dB}}

So a 100 MHz scope rises in 3.5 ns; a 1 GHz scope rises in 350 ps. To accurately capture a signal with trt_r of 1 ns, you need a scope with bandwidth at least 350 MHz, ideally 5x that for low distortion (so 1.75 GHz). Buying a scope with insufficient bandwidth is the most common mistake: rising edges round off, ringing disappears, glitches get smoothed away.

For side-channel work, this matters acutely. A modern microcontroller's clock might be 200 MHz; you want to see sub-clock-period detail in the power trace, so a scope of 1 GHz or more is desirable. The ChipWhisperer-Pro pairs with mid-range scopes for moderate-clock targets; higher-clock targets demand higher-bandwidth instruments.

9.14 Deep memory and segmented memory

Deep memory means the scope can capture millions or billions of samples per channel. At 1 GS/s, 1 Mpts is 1 ms; 1 Gpts is 1 second. Deep memory lets you capture a long event at high time resolution (e.g., the entire boot-up of a chip while triggering on a single specific point).

Segmented memory. Instead of one continuous record, divide memory into many small segments, each captured around its own trigger. Useful for sparse events: instead of recording the gaps between events (wasted memory), record only when something interesting happens. A LeCroy WaveRunner or Keysight DSOX with segmented memory can record 50,000 segments of 1000 samples each, storing only the relevant moments.

Segmented memory is invaluable for power-trace collection in side-channel attacks: you trigger on each cryptographic operation, capture the trace, and let the scope's segmented memory store many such traces back-to-back without intervening dead time.

9.15 Advanced features

Modern DSOs include:

  • Math channels. Add, subtract, multiply, divide channels; integrate, differentiate; FFT; user-defined.
  • Built-in FFT. Transform any captured trace into a frequency-domain view. Connects to Chapter 17 on signals and systems: the same FFT, in hardware.
  • Mask testing. Define a forbidden region on the screen; the scope flags any captured trace that touches it. Used in production test and eye-diagram analysis.
  • Protocol decoding. UART, I2C, SPI, CAN, LIN, USB, MIPI, JTAG. Save hours when debugging. Pair this with a serial protocol trigger for surgical debug.
  • Eye diagrams. Overlay many bit periods to see jitter, ISI, eye opening. Critical for high-speed digital and serial buses.
  • Power analysis. Compute switching loss, conducted EMI, harmonics; specialized "power package" software on Keysight, Tektronix, R&S.

9.16 Specific scopes you'll see

Rigol DS1054Z. ~$400. 50 MHz, 4 channels, 1 GS/s, 24 Mpts memory. Hackable to 100 MHz with a license string trick. The unbeatable hobbyist and entry-level lab scope. Suitable for embedded and low-frequency analog work; not for serious RF or sub-ns work.

Siglent SDS1104X-E / SDS2000X-Plus. Mid-tier, 100 MHz to 350 MHz range. Better front end than the Rigol, similar feature set. Good buy for a budget lab.

Tektronix MSO5/MSO6. 350 MHz to 8 GHz, 6.25 GS/s to 25 GS/s, 8-bit ADC (12-bit on some), great triggering. The "professional mid-range" scope; you'll see them in many digital design labs. MSO = mixed-signal oscilloscope = analog + 16 logic channels in one box.

Keysight Infiniium S-series, UXR-series. Very-high-end. Up to 110 GHz, 256 GS/s. Used in serious telecom, semiconductor characterization, advanced research. The S-series is the workhorse for 25+ Gbps signal integrity.

LeCroy WaveRunner / WaveMaster. Big in side-channel and power-electronics communities. Excellent waveform-rendering, deep memory, segmented memory, sophisticated power-analysis math. Often seen in DPA labs.

PicoScope (USB scope). No screen, runs on a host PC. Cheap, compact, 5000-series and 6000-series cover good bandwidth. Great for portable use, custom automation, and budget labs.

ChipWhisperer (Husky/Pro). Specialized side-channel scope with synchronous sampling clocked from the target. Not a general-purpose scope, but specifically designed for power-trace collection and glitching.

9.17 Lissajous patterns

If you feed two signals to X and Y inputs (XY mode, no time base sweep), the resulting figure depends on the frequency ratio and phase. 1:1 with 0° phase is a straight diagonal line; 1:1 with 90° is a circle; 1:1 with intermediate phases is an ellipse. 1:2 ratios give a figure-8.

Used historically to compare an unknown frequency against a known one (when the figure is stationary, the ratio is exact). Now mostly a curiosity, but XY mode still has uses: I-V curves on transistors, hysteresis loops, eye diagrams.