According to the FAQ:

The key extraction attacks finds the secret key bits one by one, sequentially. For each bit, the attacker crafts a ciphertext of a special form, that makes the acoustic leakage depend specifically on the value of that bit. The attacker then triggers decryption of that chosen ciphertext, records the resulting sound, and analyzes it.

Which sounds to me like the latter?