The Correlation Power Analysis (CPA) attack is an attack on cryptographic devices, especially
smart cards. The results of the attack are correlation traces. Based on the correlation traces, an evaluation is
done to observe whether significant peaks appear in the traces or not. The evaluation is done manually, by
experts. If significant peaks appear then the smart card is not considered secure since it is assumed that the
secret key is revealed. We develop a method that objectively detects peaks and decides which peak is
significant. We conclude that using the Gaussian curve fitting method, the subjective qualification of the peak
significance can be objectified. Thus, better decisions can be taken by security experts. We also conclude that the Gaussian
curve fitting method is able to show the influence of peak sizes, especially the width and height, to a significance of a
particular peak.