The paper implies the cost is minimal, at least for the V2P parts. It seems that the equipment required places the attack within the reach of many universities and electronics companies.
"A full key recovery using 50000 measurements finishes in 8x39 minutes, i.e., in 6 hours (Virtex 4), and a full recovery on Virtex 5 devices using 90000 measurements finishes in 8x67 minutes,i.e., about
9 hours."A semi-official Xilinx response is available on their forums:
In his post Austin Lesea says: "...the attack is a sophisticated known attack method (Differential Power Analysis) which all crypto chips and systems are subject to, and there are no known and tested methods to avoid the attack (in theory, all crypto chips are vulnerable -- although one company is selling their patents, and is the primary driver behind getting this research into the public eye).
In practice, the attacker requires access, so any means to prevent access (anti-tamper) will prevent the attack, or make it more difficult. Encryption of the bitstream is one aspect of the solution: access control, and anti-tamper may also be required.
Xilinx continues to research (and provide) solutions. As with any solution in crypto, the attackers will figure it out, and succeed again. It is a never-ending battle between attacker, and defender."