Eli Brandt writes:
> If so, doubling the cap size halves the cutoff frequency (right?),
> halving the leaked power. Integrating runs gives signal voltage
> linear in n and noise voltage sqrt(n); voltage ratio is sqrt; power
> ratio is linear. So leaked-signal power is
> Theta( (attacker's number of runs) / (capacitor size) ).
> No asymptotic edge either way; attacker wins against bounded cap size.
> </handwave>
I don't quite understand your handwave analysis: if we use
supercapacitors we can power the embedded unit for hours straight. A
typical encryption round completes in milliseconds at best, I don't
see how microsecond spike demands can ever leak out regardless whether
we measure till the Big Crunch or the day after tomorrow.
Apart from such crude-but-effective countermeasures we haven't even
begun tackling lunatic fringe stuff like reversible computation.