One particular talk that caught my eye during side-channel session of CHES was 'Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box' by Mathieu Renauld, Dina Kamel, Francois-Xavier Standaert and Denis Flandre. An implementation of the S-Box in the DDSLL dual-rail precharge logic style was compared with a static CMOS implementation. The analysis was done using the evaluation tools outlined at NIAT (co-located with CHES) by F.-X Standaert (first proposed at Eurocrypt in 2009). Using the perceived information, the amount of physical information leakage can be quantified independently of an adversary, and using a security analysis the relative effectiveness of distinguishers can be evaluated.
Conclusions made from a comparison of perceived information leakage under template and linear stochastic attacks were that DDL can provide a useful improvement in security over CMOS, but that the leakage reduction from DDL alone was not sufficient to provide complete security. The security analysis of the success rate of a template attack against increasing sample size (so the worst-case scenario) reveals that the DDSLL S-Box provides an increase in security of approximately one order of magnitude, and also that for both implementations there are time samples that are sufficiently vulnerable as to be exploitable with non-profiled attacks.
An interesting discussion points arising from the work are that given the quantity of information leakage reduction, practically secure implementations will need to incorporate additional countermeasures such as masking; how does DDL perform for varying technology nodes (the example here is 65nm); whether other DDL styles have similar linearity properties as the example here.