
State of the Art in Lightweight Symmetric Cryptography [pdf] - gbrown_
http://eprint.iacr.org/2017/511.pdf
======
nickpsecurity
"yubikey is supposed to be always carried by its owner, so that studying its
power consumption is not practical for the adversary."

How is that a valid assumption? The YubiKey will be plugged into a device that
the attackers might have compromised. They may instrument that device to do
power analysis of it any time it's plugged in. On top of any direct attacks
that are available.

~~~
_pmf_
Just a guess: if it's carried around and powered off and on, it does not have
a steady temperature, leading to a lot of additional noise in power
consumption (as opposed to repeatedly testing power consumption of a desktop
CPU, which can be done in short intervals at nearly the same environmental
conditions).

