- Power-trace analysis is a signal-processing exercise. The attacker captures power traces (signals), preprocesses them (filtering, alignment), and cross-correlates against hypotheses (matched filter / cross-correlation). The math is exactly the math of this chapter applied to leaked side-channel data. We'll work through an actual DPA attack in Chapter 24.
- Anti-aliasing for side-channel measurement. Attackers must sample fast enough to capture the chip's clock frequency to get clean data. If they undersample, the leakage aliases and gets harder to use. Defenders can deliberately add high-frequency dither to confuse undersampling attackers (though this is a weak defense by itself).
- Spread-spectrum signals (CDMA, GPS) and side channels both rely on cross-correlation. GPS finds a tiny signal buried in noise; the same technique finds a tiny key-correlated component buried in measurement noise.
- Stable systems versus unstable ones. Attacks like Rowhammer and other "induce instability" techniques deliberately push systems into unstable regions where small perturbations get amplified. Knowing s-plane stability concepts is foundational to recognizing and defending against these.
section 8 of 101 min read