While cryptographic algorithms are usually strong against mathematical attacks, their practical implementation, both in software and in hardware, opens the door to side-channel attacks. Without expensive equipment or intrusive monitoring, these attacks bypass the mathematical complexity and find the cryptographic key by observing the power consumption or the execution time variations of the device in normal operation mode. The power traces of 8000 encryptions are for instance sufficient to extract the secret key of an unprotected ASIC AES implementation, which is orders of magnitude smaller than the 2128 tests required to brute force the algorithm. A careful implementation can address these vulnerabilities, yet the solutions conflict with the common design goals to optimize for area, performance and power consumption. This paper introduces the side-channel attack pitfalls, which help create or facilitate the observation of the information leakage, discusses mitigation strategies and i...