| Abstract |
|---|
| The scatter–gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper, we show that scatter–gather is not constant time. We implement a cache timing attack against the scatter–gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA, our attack can fully recover the private key after observing 16,000 decryptions. |
| Year | DOI | Venue |
|---|---|---|
| 2017 | 10.1007/s13389-017-0152-y | J. Cryptographic Engineering |

| Keywords | Field | DocType |
|---|---|---|
| Side-channel attacks, Cache attacks, Cryptographic implementations, Constant-time, RSA | Cache, Computer science, Parallel computing, Timing attack, Exploit, Side channel attack, Xeon, Public-key cryptography, Microarchitecture, Modular exponentiation | Journal |

| Volume | Issue | ISSN |
|---|---|---|
| 7 | 2 | 2190-8516 |

| Citations | PageRank | References |
|---|---|---|
| 41 | 1.08 | 32 |
Authors (3)
Name | Order | Citations | PageRank |
---|---|---|---|
Yuval Yarom | 1 | 775 | 35.54 |
Daniel Genkin | 2 | 579 | 31.18 |
Nadia Heninger | 3 | 885 | 50.78 |