eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2016/224

CacheBleed: A Timing Attack on OpenSSL Constant Time RSA

Yuval Yarom, Daniel Genkin, and Nadia Heninger

Abstract

The scatter-gather technique is a commonly-implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant-time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
side-channel attackscache attackscryptographic implementationsconstant-timeRSA
Contact author(s)
yval @ cs adelaide edu au
History
2016-03-01: received
Short URL
https://ia.cr/2016/224
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2016/224,
      author = {Yuval Yarom and Daniel Genkin and Nadia Heninger},
      title = {CacheBleed: A Timing Attack on OpenSSL Constant Time RSA},
      howpublished = {Cryptology ePrint Archive, Paper 2016/224},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/224}},
      url = {https://eprint.iacr.org/2016/224}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.