How can differential power analysis (DPA) still work without "sufficient" measurement resolution?
Referring to Introduction to differential power analysis (Paul Kocher, Joshua Jaffe, Benjamin Jun, Pankaj Rohatgi)
[...] Because the amount of power used by a device is influenced by the data being processed, power consumption measurements contain information about a circuit’s calculations. Even the effects of a single transistor, while not directly observable in power measurements from a large devices, do appear as weak correlations. When a device is processing cryptographic secrets, its data-dependent power usage can expose these secrets to attack. [...] DPA can accomplish in minutes or days what decades of cryptanalytic work cannot: the extraction of secret keys from devices using completely correct implementations of strong primitives. Even if the amount of information in each trace is orders of magnitude below the resolution of the measurement apparatus, this additional information can convert the computationally infeasible problem of breaking a cipher using brute force into a computation that can be performed quickly on a PC. […]
Could someone explain to me how it's possible to observe correlation to power fluctuations which aren't captured by the measurement, optimally with an example? This sounds unintuitive / non-logical to me. Maybe, if the fluctuation just happens to change the measured value(s), while itself not being captured at the higher resolution, sure, but what if the measured value(s) remain exactly the same regardless of the small fluctuation(s)?
