Performing TVLA to detect correct spot for CEMA

I would like to find the best spot where the information leakage is the highest to perform the CEMA attack on the chip. Currently I am just performing the CEMA attack and comparing the results for different spots to determine which one is the best, although I would like to have a better solution for that, where I could determine the best spot faster. I'm wondering if TVLA would be suitable for that? I know it shows me the leakage, but at a certain point, the leakage is always there. Is there a method to kind of summarize how much leakage there is, when I would compare two TVLA tests from different spots? Like summing the SAD values up and the highest one is the best leakage overall for the spot?

Maybe! It depends on the implementation. Try it and see.

TVLA gives you a score for each measurement in time. The higher the score, the higher the potential leakage. The scores that exceed the TVLA pass/fail threshold of 4.5 indicate times where leakage may be exploitable by a side-channel attack.
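
The per-sample score and 4.5 threshold described above can be collapsed into a few per-spot figures for comparing probe positions. This is an added example, not code from the posts: the function names, the choice of summary figures (maximum |t| and number of samples over threshold) and the synthetic traces are all assumptions made for illustration, using only the Python standard library.

```python
import math
import random

TVLA_THRESHOLD = 4.5  # pass/fail threshold quoted in the thread

def welch_t(fixed, rand):
    """Per-sample Welch t-statistic between two trace sets (lists of equal-length traces)."""
    n_f, n_r = len(fixed), len(rand)
    t = []
    for col_f, col_r in zip(zip(*fixed), zip(*rand)):
        m_f, m_r = sum(col_f) / n_f, sum(col_r) / n_r
        v_f = sum((x - m_f) ** 2 for x in col_f) / (n_f - 1)
        v_r = sum((x - m_r) ** 2 for x in col_r) / (n_r - 1)
        t.append((m_f - m_r) / math.sqrt(v_f / n_f + v_r / n_r))
    return t

def summarize(t):
    """Collapse a t-trace into per-spot figures (hypothetical choice of summary)."""
    abs_t = [abs(x) for x in t]
    over = [i for i, x in enumerate(abs_t) if x > TVLA_THRESHOLD]
    return {"max_abs_t": max(abs_t), "n_over": len(over),
            "peak_sample": abs_t.index(max(abs_t))}

def synth_traces(rng, n, samples, leak_at, offset, noise=1.0):
    """Constructed stand-in for captured EM traces: Gaussian noise plus a mean offset at leak samples."""
    return [[rng.gauss(offset if i in leak_at else 0.0, noise) for i in range(samples)]
            for _ in range(n)]

def rank_spots(seed=1):
    """Run fixed-vs-random TVLA at two constructed spots and rank them by max |t|."""
    rng = random.Random(seed)
    leak_at = {40, 41, 42}
    spots = {}
    # Constructed data: spot "A" couples weakly, spot "B" strongly; the random-input set has no offset.
    for name, offset in (("A", 0.3), ("B", 1.0)):
        fixed = synth_traces(rng, 500, 100, leak_at, offset)
        rand = synth_traces(rng, 500, 100, leak_at, 0.0)
        spots[name] = summarize(welch_t(fixed, rand))
    return sorted(spots.items(), key=lambda kv: kv[1]["max_abs_t"], reverse=True)

if __name__ == "__main__":
    for name, s in rank_spots():
        print(name, s)
```

With real captures, replace `synth_traces` with the fixed-input and random-input trace sets recorded at each probe position and keep the trace count equal across spots so the scores are comparable.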


So simply higher score = more exploitable CEMA on this spot? I think it's hard to determine that this way.

TVLA can identify where useful leakage exists, but there is no guarantee.
There are no promises that higher TVLA score = better attack, but that’s the idea.
TVLA says nothing at all about how to exploit the leakage it’s identifying.
It’s not a perfect tool, and like any tool, you need to understand its strengths and weaknesses to get the most out of it.
There is quite a lot written on it to learn more. If you haven’t yet, start by reading the original Goodwill paper and go from there:

Do you know any other methods to find the correct spot for measurement?

Blood, sweat and tears :laughing:
I’m serious. Most papers gloss over this. Here’s one that doesn’t: A Side Journey to Titan - NinjaLab

That's my current approach :yum: Just desperately looking for some input and relief.